webqq Flashcards

Question

Which of the following would NOT violate the Due Diligence concept? A. Security policy being outdated B. Data owners not laying out the foundation of data protection C. Network administrator not taking mandatory two-week vacation as planned D. Latest security patches for servers being installed as per the Patch Management process

Answer 1

Correct Answer: D Due diligence is the act of gathering the necessary information so the best decision-making activities can take place. Before a company purchases another company, it should carry out due diligence activities so that the purchasing company does not have any "surprises" down the road. The purchasing company should investigate all relevant aspects of the past, present, and predictable future of the business of the target company. If this does not take place and the purchase of the new company hurts the original company financially or legally, the decision makers could be found liable (responsible) and negligent by the shareholders. In information security, similar data gathering should take place so that there are no "surprises" down the road and the risks are fully understood before they are accepted. Latest security patches for servers being installed as per the Patch Management process is a good security measure that should take place. This measure would not violate Due Diligence. Incorrect Answers: A: Security policy being outdated is a security risk that would violate due diligence. B: Data owners not laying out the foundation of data protection is a security risk that would violate due diligence. C: A network administrator not taking mandatory two-week vacation as planned protection is a security risk that would violate due diligence. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1023

Answer 2

Correct Answer: B Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. If an individual has excessive permissions and rights, it could open the door to abuse of access and put the company at more risk than is necessary. Ensuring least privilege requires the following: ✑ Identifying what the user's job is (and therefore what he needs to do). ✑ Determining the minimum set of privileges required for a user to perform their duties. ✑ Restricting the user to required privileges and nothing more. Ensuring that the user alone does not have sufficient rights to subvert an important process is not a requirement for least privilege. This is an example of separation of duties where it would take collusion between two or more people to subvert the process. Incorrect Answers: A: Ensuring least privilege does require identifying what the user's job is to determine what he needs to do and what permissions he needs to do it. C: Determining the minimum set of privileges required for a user to perform their duties is a requirement for ensuring least privilege. D: Restricting the user to required privileges and nothing more is the definition of least privilege. This is obviously a requirement for ensuring least privilege. References: , 6th Edition, McGraw-Hill, 2013, p. 1236

Answer 3

Correct Answer: D A quantitative risk analysis is used to assign monetary and numeric values to all elements of the risk analysis process. Each element within the analysis (asset value, threat frequency, severity of vulnerability, impact damage, safeguard costs, safeguard effectiveness, uncertainty, and probability items) is quantified and entered into equations to determine total and residual risks. It is more of a scientific or mathematical approach to risk analysis compared to qualitative. Quantitative risk analysis does require knowledge and experience to perform. Therefore, the statement "It requires little experience to apply" is false. Incorrect Answers: A: A portion of the quantitative risk analysis process can be automated by using quantitative risk analysis tools. B: Quantitative risk analysis does involve complex calculations. C: Quantitative risk analysis does require a high volume of information. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 86

Answer 4

Correct Answer: C A project management style approach is used the development of documents such as security policy, standards and procedures. In the initiation and evaluation stage, a written proposal is submitted to management stating the objectives of the particular document. In the development phase, a team is assembled for the creation of the document. In the approval phase, the document is presented to the appropriate body within the organization for approval. In the publication phase, the document is published within the organization. In the implementation phase, the various groups affected by the new document commence its implementation. In the maintenance phase, the document is reviewed on the review date agreed in the development phase. Incorrect Answers: A: Design, coding and testing are not phases in the development of documents such as security policy, standards and procedures. B: Design and implementation are not phases in the development of documents such as security policy, standards and procedures. D: Feasibility and integration are not phases in the development of documents such as security policy, standards and procedures. References: Information Security Management Handbook, Fourth Edition, Volume 3 by Harold. F. Tipton. Page 380-382.

Answer 5

Correct Answer: A The Systems Development Life Cycle (SDLC), also called the Software Development Life Cycle or simply the System Life Cycle, is a system development model. There are many variants of the SDLC, but most follow (or are based on) the National Institute of Standards and Technology (NIST) SDLC process. NIST Special Publication 800-14 states: "Security, like other aspects of an IT system, is best managed if planned for throughout the IT system life cycle. There are many models for the IT system life cycle but most contain five basic phases: initiation, development/acquisition, implementation, operation, and disposal." Additional steps are often added, most critically the security plan, which is the first step of any SDLC. The following overview is summarized from the NIST document, in which the first two steps relate to Risk analysis: 1. Prepare a Security PlanEnsure that security is considered during all phases of the IT system life cycle, and that security activities are accomplished during each of the phases. 2. InitiationThe need for a system is expressed and the purpose of the system is documented. 3. Conduct a Sensitivity AssessmentLook at the security sensitivity of the system and the information to be processed. 4. Development/Acquisition 5. Implementation 6. Operation/Maintenance Incorrect Answers: B: Risk analysis is not a critical part of the Functional Requirements definition. C: Risk analysis is not a critical part of the System Design Specification. D: Risk analysis is not a critical part of Development and Implementation. References: , 2nd Edition, Syngress, Waltham, 2012, pp. 182-183

Answer 6

Correct Answer: A RFC 1087 is called "Ethics and the Internet." This RFC outlines the concepts pertaining to what the IAB considers unethical and unacceptable behavior. Incorrect Answers: B: RFC 1087 is not related to profession conduct. It concerns Ethics and the Internet. C: RFC 1087 does not address personal data record keeping. D: RFC 1087 does not concern consent of use of private data. It is related to Ethics and the Internet. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1064

Answer 7

Correct Answer: A Alternate site selection is among the eight BIA steps. Note: The eight BIA Steps are listed below: 1. Select individuals to interview for data gathering. 2. Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches). 3. Identify the companys critical business functions. 4. Identify the resources these functions depend upon. 5. Calculate how long these functions can survive without these resources. 6. Identify vulnerabilities and threats to these functions. 7. Calculate the risk for each different business function. 8. Document findings and report them to management. Incorrect Answers: B: Creating data-gathering techniques is the second out of the eight BIA steps. C: To identify the companys critical business functions is the third out of the eight BIA steps. D: Selecting individuals to interview for data gathering is the first out of the eight BIA steps. References:

Answer 8

Correct Answer: B The Exposure Factor (EF) is a measure of the magnitude of loss or impact (usually as a percentage) on the value of an asset. It is used for calculating the Single Loss Expectancy (SLE) which in turn is used to calculate the Annual Loss Expectancy (ALE). The Single Loss Expectancy (SLE) is a dollar amount that is assigned to a single event that represents the companys potential loss amount if a specific threat were to take place. The equation is laid out as follows: Asset Value Exposure Factor (EF) = SLE The exposure factor (EF) represents the percentage of loss a realized threat could have on a certain asset. For example, if a data warehouse has the asset value of $150,000, it can be estimated that if a fire were to occur, 25 percent of the warehouse would be damaged, in which case the SLE would be $37,500: Asset Value ($150,000) Exposure Factor (25%) = $37,500 Incorrect Answers: A: Probability is the likelihood of something happening. This is not what is described in the question. C: A vulnerability is the absence or weakness of a safeguard that could be exploited. This is not what is described in the question. D: A threat is any potential danger that is associated with the exploitation of a vulnerability. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 87

Answer 9

Correct Answer: B A BIA is performed at the beginning of business continuity planning to identify the areas that would suffer the greatest financial or operational loss in the event of a disaster or disruption. It identifies the companys critical systems needed for survival and estimates the outage time that can be tolerated by the company as a result of a disaster or disruption. Incorrect Answers: A: The Business continuity plan depends on the BIA, not on directives from Senior Management. C: The Business continuity plan depends on the BIA, not on Scope and Plan Initiation. D: The Business continuity plan depends on the BIA, not on Skills of BCP committee. References: , 6th Edition, McGraw-Hill, 2013, p. 909

Answer 10

Correct Answer: C Risk management often must rely on speculation, best guesses, incomplete data, and many unproven assumptions. The uncertainty analysis attempts to document this so that the risk management results can be used knowledgeably. There are two primary sources of uncertainty in the risk management process: (1) a lack of confidence or precision in the risk management model or methodology and (2) a lack of sufficient information to determine the exact value of the elements of the risk model, such as threat frequency, safeguard effectiveness, or consequences. References: http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf, p. 21

Answer 11

Correct Answer: A Preventive administrative controls are management policies and procedures designed to protect against unwanted employee behavior. This includes separation of duties, business continuity and DR planning/testing, proper hiring practices, and proper processing of terminations. It also includes security policy, information classification, personnel procedures, and security-awareness training. Incorrect Answers: B: Technical controls, which are also known as logical controls, are software or hardware components, such as firewalls, IDS, encryption, identification and authentication mechanisms. C: Physical controls are items put into place to protect facility, personnel, and resources. These include guards, locks, fencing, and lighting. D: Detective/Administrative controls include monitoring and supervising, job rotation, and investigations. References: http://www.brighthub.com/computing/smb-security/articles/2388.aspx , 6th Edition, McGraw-Hill, 2013, pp. 28-33

Answer 12

Correct Answer: C A Chief Security Officer (CSO) reports directly to the Chief Executive Officer (CEO). IT Security should be led by a CSO. The chief security officer (CSO) is responsible for understanding the risks that the company faces and for mitigating these risks to an acceptable level. This role is responsible for understanding the organizations business drivers and for creating and maintaining a security program that facilitates these drivers, along with providing security, compliance with a long list of regulations and laws, and any customer expectations or contractual obligations. Incorrect Answers: A: The IT security function should not be a function within the information systems function of an organization. B: The IT security function should not report directly to a specialized business unit such as legal, corporate security or insurance. D: The IT security function should be independent but should not report to the Information Systems function. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 119

Answer 13

Correct Answer: A Loss of revenue is a quantitative loss, A Qualitative loss. The quantitative impact can be determined by evaluating financial losses such as lost revenue, assets or production units, and salary paid to an idled workforce. Qualitative impact includes such factors as reputation, goodwill, value of the brand and lost opportunity, among others. Incorrect Answers: B: Loss of market share is qualitative loss. C: Qualitative impact can lead eventually to financial losses over time, for example due to loss of customer confidence. D: Loss of market leadership is qualitative loss. References: http://searchdisasterrecovery.techtarget.com/answer/Debating-quantitative-impact-vs-qualitative-impact

Answer 14

Correct Answer: A Management controls are largely procedural in nature and in general deal with the business processes used by an organization to manage the security of the information systems. The Management Control class includes five families of security controls: Risk Assessment, Security Planning, Acquisition of Information Systems and Services, Review of Security Controls and Security Accreditation. Incorrect Answers: B: Personnel security is not one of the five defined families of security controls in the Management Control Class. C: Physical and environmental protection is not one of the five defined families of security controls in the Management Control Class. D: Documentation is not one of the five defined families of security controls in the Management Control Class. References: , 3rd Edition, Auerbach Publications, Boca Raton, 2008, p. 476

Answer 15

Correct Answer: D Valuable paper insurance coverage provides protection for inscribed, printed, and written documents and manuscripts and other printed business records. However, it does Cover damage to paper money and printed security certificates. Incorrect Answers: A: Valuable paper insurance coverage provides protection for inscribed, printed, and written documents. B: Valuable paper insurance coverage provides protection for manuscripts. C: Valuable paper insurance coverage provides protection for printed business records. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 653

Answer 16

Correct Answer: B The attributes of a security policy include the following: ✑ Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets. ✑ It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective. ✑ It must be flexible to the changing environment. A security policy does not specify how hardware and software should be used throughout the organization. This is the purpose of an Acceptable Use Policy. Incorrect Answers: A: The main purpose of a security policy is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets. C: A security policy does to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective. D: A security policy must be flexible to the changing environment. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 102

Answer 17

Correct Answer: A In the property and casualty insurance industry, Actual Cash Value (ACV) is a method of valuing insured property, or the value computed by that method. ACV is computed by subtracting depreciation from replacement cost on the date of the loss. The depreciation is usually calculated by establishing a useful life of the item determining what percentage of that life remains. This percentage multiplied by the replacement cost equals the ACV. Incorrect Answers: B: Using Actual Cash Valuation you would not receive a new item as a replacement for the old damaged item. C: You would receive the calculated value of item on the exact date of the loss, not of the value one month before the loss. D: You would receive the calculated value of item on the date of loss only. You would not receive an additional 10%. References: https://en.wikipedia.org/wiki/Actual_cash_value

Answer 18

A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A security policy can be an organizational policy, an issue-specific policy, or a system-specific policy. In an organizational security policy, management establishes how a security program will be set up, lays out the programs goals, assigns responsibilities, shows the strategic and tactical value of security, and outlines how enforcement should be carried out. Security planning should include establishing objectives, listing assumptions and determining alternate courses of action. Security planning does not include establishing a security audit function. Auditing security is performed to ensure that the security measures implemented as described in the security plan are effective. Incorrect Answers: A: Security planning should include establishing objectives. B: Security planning should include listing assumptions. D: Security planning should include determining alternate courses of action. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 102

Answer 19

Correct Answer: A For an organization to achieve the desired results of its security program, it must communicate the what, how, and why of security to its employees. Security- awareness training should be comprehensive, tailored for specific groups, and organization-wide. The goal is for each employee to understand the importance of security to the company as a whole and to each individual. Expected responsibilities and acceptable behaviors must be clarified, and noncompliance repercussions, which could range from a warning to dismissal, must be explained before being invoked. Security-awareness training is performed to modify employees behavior and attitude toward security. This can best be achieved through a formalized process of security-awareness training. Incorrect Answers: B: It is not the purpose of security awareness training to modify management's approach towards enterprise's security posture. C: It is not the purpose of security awareness training to modify attitudes of employees with sensitive data only. It should apply to all employees. D: It is not the purpose of security awareness training to modify corporate attitudes about safeguarding data. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 130

Answer 20

Correct Answer: A COSO is a model for corporate governance, and CobiT is a model for IT governance. COSO deals more at the strategic level, while CobiT focuses more at the operational level. You can think of CobiT as a way to meet many of the COSO objectives, but only from the IT perspective. COSO deals with non-IT items also, as in company culture, financial accounting principles, board of director responsibility, and internal communication structures. COSO was formed to provide sponsorship for the National Commission on Fraudulent Financial Reporting, an organization that studies deceptive financial reports and what elements lead to them. There have been laws in place since the 1970s that basically state that it was illegal for a corporation to cook its books (manipulate its revenue and earnings reports), but it took the SarbanesOxley Act (SOX) of 2002 to really put teeth into those existing laws. SOX is a U.S. federal law that, among other things, could send executives to jail if it was discovered that their company was submitting fraudulent accounting findings to the Security Exchange Commission (SEC). SOX is based upon the COSO model, so for a corporation to be compliant with SOX, it has to follow the COSO model. Companies commonly implement ISO/IEC 27000 standards and CobiT to help construct and maintain their internal COSO structure. Incorrect Answers: B: BIBA is not required by organizations working towards SarbanesOxley Section 404 compliance. C: National Institute of Standards and Technology Special Publication 800-66 (NIST SP 800-66) is not required by organizations working towards Sarbanes Oxley Section 404 compliance. D: CCTA Risk Analysis and Management Method (CRAMM) is not required by organizations working towards SarbanesOxley Section 404 compliance. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 59

Answer 21

Correct Answer: A The chief financial officer (CFO) is a member of the board. The board members are responsible for setting the organizations strategy and risk appetite (how much risk the company should take on). In this question, the Chief Financial Officer accepted the risk of only partial financial data being backed up with no off-site copies available. The Chief Financial Officer therefore owns the risk. Incorrect Answers: B: The most Senior Management such as the Chief Executive Officer does not own the risk. The Chief Financial Officer is responsible for company finances and accepted the risk. This means that the CFO owns the risk, not the CEO. C: The Technology Manager signed the risk assessment but he did not accept the risk. D: The Technology Manager signed the risk assessment but he did not accept the risk. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 98

Answer 22

Correct Answer: B The detective/technical controls helps to identify an incidents activities and potentially an intruder using software or hardware components, which include Audit logs and IDS. Incorrect Answers: A: Preventive/physical controls are meant to discourage a potential attacker using items put into place to protect facility, personnel, and resources. These items include locks, badge systems, security guards, biometric system, and mantrap doors. C: The detective/physical controls helps to identify an incidents activities and potentially an intruder using items put into place to protect facility, personnel, and resources. These items include motion detectors and closed-circuit TVs. D: The detective/administrative controls helps to identify an incidents activities and potentially an intruder using management-oriented controls, which include monitoring and supervising, job rotation, and investigations. References: , 6th Edition, McGraw-Hill, 2013, pp. 28-34

Answer 23

Correct Answer: A If a company decides to terminate the activity that is introducing the risk, this is known as risk avoidance. For example, if a company allows employees to use instant messaging (IM), there are many risks surrounding this technology. The company could decide not to allow any IM activity by their users because there is not a strong enough business need for its continued use. Discontinuing this service is an example of risk avoidance. By avoiding the risk, we can eliminate involvement with the risk. Incorrect Answers: B: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. This does not eliminate involvement with the risk. C: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This would transfer the risk to the insurance company. This does not eliminate involvement with the risk. D: Risk mitigation is to implement a countermeasure to protect against the risk. This does not eliminate involvement with the risk. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98

Answer 24

Correct Answer: C If a company decides to terminate the activity that is introducing the risk, this is known as risk avoidance. For example, if a company allows employees to use instant messaging (IM), there are many risks surrounding this technology. The company could decide not to allow any IM activity by their users because there is not a strong enough business need for its continued use. Discontinuing this service is an example of risk avoidance. By being proactive and removing the vulnerability causing the risk, we are avoiding the risk. Incorrect Answers: A: Risk mitigation is to implement a countermeasure to protect against the risk. Implementing controls is being proactive and would reduce a risk, however, only risk avoidance removes the risk or prevents the risk being realized in the first place. B: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. This does not describe being proactive to remove the risk. D: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This would transfer the risk to the insurance company. This does not describe being proactive to remove the risk. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98

Answer 25

Correct Answer: B A Decision Support System (DSS) is a computer-based information system that supports business or organizational decision-making activities. DSSs serve the management, operations, and planning levels of an organization (usually mid and higher management) and help people make decisions about problems that may be rapidly changing and not easily specified in advance - i.e. Unstructured and Semi-Structured decision problems. DSS emphasizes flexibility and adaptability to accommodate changes in the environment and the decision making approach of the user. DSS tends to be aimed at the less well structured, underspecified problem that upper level managers typically face. DSS attempts to combine the use of models or analytic techniques with traditional data access and retrieval functions. DSS attempts to combine the use of models or analytic techniques with traditional data access and retrieval functions. Incorrect Answers: A: DSS is aimed at solving unstructured and semi-structured decision problems, not highly structured problems. C: DSS does not support only structured decision-making tasks; it supports unstructured and semi-structured decision-making tasks. D: DSS attempts to combine the use of models or analytic techniques with traditional (not non-traditional) data access and retrieval functions. References: https://en.wikipedia.org/wiki/Decision_support_system

Answer 26

Correct Answer: D Crime Insurance policy protects organizations from loss of money, securities, or inventory resulting from crime. Incorrect Answers: A: Crime Insurance Policy does not protect Inscribed, printed and written documents. You would need Valuable paper insurance for that. B: Crime Insurance Policy does not protect manuscripts. You would need Valuable paper insurance for that. C: Crime Insurance Policy does not protect business records such as Accounts Receivable. You would need Valuable paper insurance for that. References: http://www.insurecast.com/html/crime_insurance.asp

Answer 27

Correct Answer: D Reason: The security administrator, security analysis, and the system auditor need access to portions of the security systems to accomplish their jobs. The system programmer does not need access to the working (AKA: Production) security systems. Programmers should not be allowed to have ongoing direct access to computers running production systems (systems used by the organization to operate its business). To maintain system integrity, any changes they make to production systems should be tracked by the organizations change management control system. Because the security administrators job is to perform security functions, the performance of non-security tasks must be strictly limited. This separation of duties reduces the likelihood of loss that results from users abusing their authority by taking actions outside of their assigned functional responsibilities. Incorrect Answers: A: The security administrator needs to access the software on systems implementing security to perform his job function. B: The security analyst needs to access the software on systems implementing security to perform his job function. C: The systems auditor needs to access the software on systems implementing security to perform his job function.

Answer 28

Correct Answer: A Trusted recovery ensures that security is not breached when a system crash or other system failure (sometimes called a "discontinuity") occurs. It must ensure that the system is restarted without compromising its required protection scheme, and that it can recover and rollback without being compromised after the failure. Trusted recovery is required only for B3 and A1 level systems. A system failure represents a serious security risk because the security controls may be bypassed when the system is not functioning normally. For example, if a system crashes while sensitive data is being written to a disk (where it would normally be protected by controls), the data may be left unprotected in memory and may be accessible by unauthorized personnel. Trusted recovery has two primary activities preparing for a system failure and recovering the system. Incorrect Answers: B: Hot swappable refers to computer components that can be swapped while the computer is running. This is not what is described in the question. C: Redundancy refers to multiple instances of computer or network components to ensure that the system can remain online in the event of a component failure. This is not what is described in the question. D: Secure Boot refers to a security standard that ensures that a computer boots using only software that is trusted. This is not what is described in the question. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 29

Correct Answer: A The Orange Book defines two types of assurance operational assurance and life cycle assurance. Life cycle assurance ensures that a TCB is designed, developed, and maintained with formally controlled standards that enforces protection at each stage in the systems life cycle. Configuration management, which carefully monitors and protects all changes to a systems resources, is a type of life cycle assurance. The life cycle assurance requirements specified in the Orange Book are as follows: ✑ Security testing ✑ Design specification and testing ✑ Configuration management ✑ Trusted distribution Incorrect Answers: B: Operational assurance focuses on the basic features and architecture of a system. An example of an operational assurance would be a feature that separates a security-sensitive code from a user code in a systems memory. Operational assurance is not what is described in the question. C: Covert timing assurance is not one of the two defined types of assurance. D: Covert storage assurance is not one of the two defined types of assurance. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, pp. 305-306

Answer 30

Correct Answer: C The security controls and mechanisms that are in place must have a degree of transparency. This enables the user to perform tasks and duties without having to go through extra steps because of the presence of the security controls. Transparency also does not let the user know too much about the controls, which helps prevent him from figuring out how to circumvent them. If the controls are too obvious, an attacker can figure out how to compromise them more easily. Security (more specifically, the implementation of most security controls) has long been a sore point with users who are subject to security controls. Historically, security controls have been very intrusive to users, forcing them to interrupt their work flow and remember arcane codes or processes (like long passwords or access codes), and have generally been seen as an obstacle to getting work done. In recent years, much work has been done to remove that stigma of security controls as a detractor from the work process adding nothing but time and money. When developing access control, the system must be as transparent as possible to the end user. The users should be required to interact with the system as little as possible, and the process around using the control should be engineered so as to involve little effort on the part of the user. For example, requiring a user to swipe an access card through a reader is an effective way to ensure a person is authorized to enter a room. However, implementing a technology (such as RFID) that will automatically scan the badge as the user approaches the door is more transparent to the user and will do less to impede the movement of personnel in a busy area. In another example, asking a user to understand what applications and data sets will be required when requesting a system ID and then specifically requesting access to those resources may allow for a great deal of granularity when provisioning access, but it can hardly be seen as transparent. A more transparent process would be for the access provisioning system to have a role-based structure, where the user would simply specify the role he or she has in the organization and the system would know the specific resources that user needs to access based on that role. This requires less work and interaction on the part of the user and will lead to more accurate and secure access control decisions because access will be based on predefined need, not user preference. When developing and implementing an access control system special care should be taken to ensure that the control is as transparent to the end user as possible and interrupts his work flow as little as possible. Incorrect Answers: A: The complexity of security controls is not what enables users to perform tasks and duties without having to go through extra steps. The controls can be complex or simple; as long as they have a degree of transparency, users will be able to perform tasks and duties without having to go through extra steps. B: Non-transparent security controls do not enable users to perform tasks and duties without having to go through extra steps; this would be the opposite in that it would require the extra steps. D: The simplicity of security controls is not what enables users to perform tasks and duties without having to go through extra steps. The controls can be complex or simple; as long as they have a degree of transparency, users will be able to perform tasks and duties without having to go through extra steps. References: , 6th Edition, McGraw-Hill, 2013, pp. 1239-1240

Answer 31

Correct Answer: D Only data to and from critical systems and applications should be allowed through the firewall is a detractor. Critical systems or applications do not necessarily need to have traffic go through a firewall. Even if they did, only the minimum required services should be allowed. Systems that are not deemed critical may also need to have traffic go through the firewall. Least privilege is a basic tenet of computer security that means users should be given only those rights required to do their jobs or tasks. Least privilege is ensuring that you have the minimum privileges necessary to do a task. An admin NOT using his admin account to check email is a clear example of this. Incorrect Answers: A: The number of administrative accounts should be kept to a minimum: this is good practice and supports the concept of least privilege. B: Administrators should use regular accounts when performing routine operations like reading mail: this is good practice and supports the concept of least privilege. C: Permissions on tools that are likely to be used by hackers should be as restrictive as possible: this is good practice and supports the concept of least privilege.

Answer 32

Correct Answer: A Confidentiality ensures that a message can only be read by the intended recipient. Encrypting a message provides confidentiality. A digital signature provides Authentication, Non-repudiation, and Integrity. The purpose of digital signatures is to detect unauthorized modifications of data, and to authenticate the identity of the signatories and non-repudiation. These functions are accomplished by generating a block of data that is usually smaller than the size of the original data. This smaller block of data is bound to the original data and to the identity of the sender. This binding verifies the integrity of data and provides non-repudiation. To quote the National Institute Standards and Technology (NIST) Digital Signature Standard (DSS): Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature in proving to a third party that the signature was in fact generated by the signatory. Different steps and algorithms provide different types of security services: ✑ A message can be encrypted, which provides confidentiality. ✑ A message can be hashed, which provides integrity ✑ A message can be digitally signed, which provides authentication, nonrepudiation, and integrity. ✑ A message can be encrypted and digitally signed, which provides confidentiality, authentication, nonrepudiation, and integrity Incorrect Answers: B: A digital signature provides Authentication, Non-repudiation, and Integrity; not just Authentication. C: A digital signature provides Authentication, Non-repudiation, and Integrity; not just Non-repudiation. D: A digital signature provides Authentication, Non-repudiation, and Integrity; not just Integrity. References: , 6th Edition, McGraw-Hill, 2013, pp. 829-830 , John Wiley & Sons, New York, 2001, p. 151

Answer 33

Correct Answer: B Mandatory Access Control begins with security labels assigned to all resource objects on the system. These security labels contain two pieces of information - a classification (top secret, confidential etc.) and a category (which is essentially an indication of the management level, department or project to which the object is available). Similarly, each user account on the system also has classification and category properties from the same set of properties applied to the resource objects. When a user attempts to access a resource under Mandatory Access Control the operating system checks the user's classification and categories and compares them to the properties of the object's security label. If the user's credentials match the MAC security label properties of the object access is allowed. It is important to note that both the classification and categories must match. A user with top secret classification, for example, cannot access a resource if they are not also a member of one of the required categories for that object. Incorrect Answers: A: In Mandatory Access Control, the sensitivity labels attached to objects contain a category set as well as the item's classification. C: In Mandatory Access Control, the sensitivity labels attached to objects contain the item's classification as well as a category. D: An items need to know is not something that is included in the sensitivity label. The categories portion of the label is used to enforce need-to-know rules. References: http://www.techotopia.com/index.php/Mandatory,_Discretionary,_Role_and_Rule_Based_Access_Control

Answer 34

Correct Answer: D An object's sensitivity label contains one classification and multiple categories which represent compartments of information within a system. When the MAC model is being used, every subject and object must have a sensitivity label, also called a security label. It contains a classification and different categories. The classification indicates the sensitivity level, and the categories enforce need-to-know rules. The classifications follow a hierarchical structure, with one level being more trusted than another. However, the categories do not follow a hierarchical scheme, because they represent compartments of information within a system. The categories can correspond to departments (UN, Information Warfare, Treasury), projects (CRM, AirportSecurity, 2011Budget), or management levels. In a military environment, the classifications could be top secret, secret, confidential, and unclassified. Each classification is more trusted than the one below it. A commercial organization might use confidential, proprietary, corporate, and sensitive. The definition of the classification is up to the organization and should make sense for the environment in which it is used. Incorrect Answers: A: An object's sensitivity label contains a single classification, not a classification set and multiple categories (compartments), not a single compartment. B: An object's sensitivity label contains multiple categories (compartments), not a single compartment. C: An object's sensitivity label contains a single classification, not a classification set. Furthermore, an object's sensitivity label does not contain user credentials. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 223

Answer 35

Correct Answer: D Sensitivity labels are "incomparable" with neither label contains all the categories of the other. Comparability: The label: "TOP SECRET [VENUS ALPHA]" is higher than either than either of the following labels: "SECRET [VENUS ALPHA]" or "TOP SECRET [VENUS]" or "TOP SECRET [ALPHA]" However, you cannot say that the label "TOP SECRET [VENUS]" is higher than the label: "TOP SECRET [ALPHA]" because the categories are different. Because neither label contains all the categories of the other, the labels cannot be compared; they are said to be incomparable. In this case, you would be denied access. Incorrect Answers: A: A sensitivity label can only have one classification. B: Sensitivity labels are "incomparable" with neither label contains all the categories, not the classifications of the other. C: The number of categories in the two labels being different does not necessarily mean they are incomparable. They can still be comparable as long as the label with more categories contains all the categories of the other.

Answer 36

Correct Answer: D When products are evaluated for the level of trust and assurance they provide, many times operational assurance and life-cycle assurance are part of the evaluation process. Operational assurance concentrates on the products architecture, embedded features, and functionality that enable a customer to continually obtain the necessary level of protection when using the product. Examples of operational assurances examined in the evaluation process are access control mechanisms, the separation of privileged and user program code, auditing and monitoring capabilities, covert channel analysis, and trusted recovery when the product experiences unexpected circumstances. Life-cycle assurance pertains to how the product was developed and maintained. Each stage of the products life cycle has standards and expectations it must fulfill before it can be deemed a highly trusted product. Examples of life-cycle assurance standards are design specifications, clipping-level configurations, unit and integration testing, configuration management, and trusted distribution. Vendors looking to achieve one of the higher security ratings for their products will have each of these issues evaluated and tested. Incorrect Answers: A: Architectural Assurance is not one of the two types of system assurance defined in the Orange Book. B: Design Assurance and Implementation Assurance are not the two types of system assurance defined in the Orange Book. C: Architectural Assurance and Implementation Assurance are not the two types of system assurance defined in the Orange Book. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1240

Answer 37

Correct Answer: B Oriented is not a KDD approach. The following are three approaches used in KDD systems to uncover these patterns: ✑ Classification - Data are grouped together according to shared similarities. ✑ Probabilistic - Data interdependencies are identified and probabilities are applied to their relationships. ✑ Statistical - Identifies relationships between data elements and uses rule discovery. Another fourth data mining technique is deviation detection: find the record(s) that is (are) the most different from the other records, i.e., find all outliers. These may be thrown away as noise or may be the "interesting" ones. Incorrect Answers: A: Probabilistic is a KDD approach where data interdependencies are identified and probabilities are applied to their relationships. C: deviation detection is a KDD approach where the records that are the most different from the other records, i.e., find all outliers, are found. D: Classification is a KDD approach which identifies relationships between data elements and uses rule discovery. References: , 2nd Edition, Syngress, Waltham, 2012, p. 1368 https://en.wikipedia.org/wiki/Data_mining

Answer 38

Correct Answer: D The following outlines the first three necessary steps for a proper classification program: 1. Define classification levels. 2. Specify the criteria that will determine how data are classified. 3. Identify data owners who will be responsible for classifying data Steps 4-10 omitted. Incorrect Answers: A: Establishing procedures for periodically reviewing the classification and ownership is not one of the first steps in the classification program. It is one of the last steps (step 8 out of 10). B: Specifying the security controls required for each classification level is not one of the first steps in the classification program. It is step 5 out of 10. C: Identifying the responsible data custodian level is not one of the first steps in the classification program. It is step 4 out of 10. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 114

Answer 39

Correct Answer: A Competitive intelligence is the action of defining, gathering, analyzing, and distributing intelligence about a business including intelligence on products, customers, competitors, and any aspect of the environment needed to support executives and managers making strategic decisions for an organization. A competitive intelligence attack is therefore best classified as a business attack. Incorrect Answers: B: A competitive intelligence attack concerns intelligence about a business, not just intelligence in general. C: A competitive intelligence attack concerns intelligence about a business as a whole, not just the financial dimension. D: A competitive intelligence is not a grudge attack. It is an attack against a business. References: https://en.wikipedia.org/wiki/Competitive_intelligence

Answer 40

Correct Answer: B The data custodian (information custodian) is responsible for maintaining and protecting the data. This role is usually filled by the IT or security department, and the duties include implementing and maintaining security controls; performing regular backups of the data; periodically validating the integrity of the data; restoring data from backup media; retaining records of activity; and fulfilling the requirements specified in the companys security policy, standards, and guidelines that pertain to information security and data protection. Incorrect Answers: A: The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner is not is given the responsibility of the maintenance and protection of the data. C: The user is any individual who routinely uses the data for work-related tasks. The user is not given the responsibility of the maintenance and protection of the data. D: The security administrator is responsible for implementing and maintaining specific security network devices and software in the enterprise. The security administrator is not is given the responsibility of the maintenance and protection of the data. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 122

Answer 41

Correct Answer: C Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal. The steps can apply to users, IT staff, operations staff, security members, and others who may need to carry out specific tasks. Many organizations have written procedures on how to install operating systems, configure security mechanisms, implement access control lists, set up new user accounts, assign computer privileges, audit activities, destroy material, report incidents, and much more. Procedures are considered the lowest level in the documentation chain because they are closest to the computers and users (compared to policies) and provide detailed steps for configuration and installation issues. Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment. Incorrect Answers: A: Standards are compulsory rules indicating how hardware and software should be implemented, used, and maintained. Standards provide a means to ensure that specific technologies, applications, parameters, and procedures are carried out in a uniform way across the organization. They do not contain all the detailed actions that personnel are required to follow. B: Guidelines are recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply. They do not contain all the detailed actions that personnel are required to follow. D: A Baseline is the minimum level of security necessary to support and enforce a security policy. It does not contain all the detailed actions that personnel are required to follow. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 106-107

Answer 42

Correct Answer: D The data owner defines the backup requirements. However, the data owner does not run the backups. This is performed by the data custodian. The data owner is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner has due care responsibilities and thus will be held responsible for any negligent act that results in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is responsible for and alters that classification if the business need arises. This person is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria. The data custodian (information custodian) is responsible for maintaining and protecting the data. This role is usually filled by the IT or security department, and the duties include implementing and maintaining security controls; performing regular backups of the data; periodically validating the integrity of the data; restoring data from backup media; retaining records of activity; and fulfilling the requirements specified in the companys security policy, standards, and guidelines that pertain to information security and data protection. Incorrect Answers: A: Determining what level of classification the information requires is the responsibility of the data owner. B: Periodically reviewing the classification assignments against business needs is the responsibility of the data owner. C: Delegating the responsibility of data protection to data custodians is the responsibility of the data owner. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 121

Answer 43

Correct Answer: C In a trusted system, all protection mechanisms work together to process sensitive data for many types of uses, and will provide the necessary level of protection per classification level. Assurance looks at the same issues but in more depth and detail. Systems that provide higher levels of assurance have been tested extensively and have had their designs thoroughly inspected, their development stages reviewed, and their technical specifications and test plans evaluated. In the Trusted Computer System Evaluation Criteria (TCSEC), commonly known as the Orange Book, the lower assurance level ratings look at a systems protection mechanisms and testing results to produce an assurance rating, but the higher assurance level ratings look more at the system design, specifications, development procedures, supporting documentation, and testing results. The protection mechanisms in the higher assurance level systems may not necessarily be much different from those in the lower assurance level systems, but the way they were designed and built is under much more scrutiny. With this extra scrutiny comes higher levels of assurance of the trust that can be put into a system. Incorrect Answers: A: Integrity ensures that data is unaltered. This is not what is described in the question. B: Accountability is a security principle indicating that individuals must be identifiable and must be held responsible for their actions. This is not what is described in the question. D: Availability ensures reliability and timely access to data and resources to authorized individuals. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 390-391

Answer 44

Correct Answer: B Fair Information Practice was first developed in the United States in the 1970s by the Department for Health, Education and Welfare (HEW). T Fair Information Practice does not state that there the personal data record-keeping system must be secret. Incorrect Answers: A: HEW Fair Information Practices include that there should be mechanisms for individuals to review data about them, to ensure accuracy. C: HEW Fair Information Practices include ✑ For all data collected there should be a stated purpose ✑ Information collected by an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual D: HEW Fair Information Practices include ✑ Records kept on an individual should be accurate and up to date ✑ Data should be deleted when it is no longer needed for the stated purpose References: https://en.wikipedia.org/wiki/Information_privacy_law

Answer 45

Correct Answer: C It is easy for people who are placed in position of trust to commit fraud, as they are considered to be trustworthy. Incorrect Answers: A: A fraudster might very well have a clean legal record. This in conjunction with a position of trust make him/her hard to detect. B: It is most typical that a fraudster conspires with other persons as the fraudster usually acts alone. D: A fraudster can very well follow the accepted norms of society, and this makes him/her harder to detect. References: http://www.justice4you.org/fraud-fraudster.php

Answer 46

Correct Answer: C US-EU Safe Harbor process relates to privacy, that is protection of personal data. The Safe Harbor is a construct that outlines how U.S.-based companies can comply with the EU privacy. The Safe Harbor Privacy Principles states that if a non-European organization wants to do business with a European entity, it will need to adhere to the Safe Harbor requirements if certain types of data will be passed back and forth during business processes Incorrect Answers: A: The US-EU Safe Harbor process does not relate to the integrity of the data. It concerns the privacy of the data. B: The US-EU Safe Harbor process does not relate to the Confidentiality of the data. It concerns the privacy of the data. D: The US-EU Safe Harbor process does not relate to the Confidentiality of the data. It concerns the privacy of the data. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 992

Answer 47

Correct Answer: B Users can obtain certificates with various levels of assurance. Level 1/Class 1 certificates verify electronic mail addresses. This is done through the use of a personal information number that a user would supply when asked to register. This level of certificate may also provide a name as well as an electronic mail address; however, it may or may not be a genuine name (i.e., it could be an alias). This proves that a human being will reply back if you send an email to that name or email address. Class 2/Level 2 verify a users name, address, social security number, and other information against a credit bureau database. Class 3/Level 3 certificates are available to companies. This level of certificate provides photo identification to accompany the other items of information provided by a level 2 certificate. Incorrect Answers: A: Level 1/Class 1 certificates verify electronic mail addresses. They do not verify a user's name, address, social security number, and other information against a credit bureau database. C: Level 3/Class 3 certificates provide photo identification to accompany the other items of information provided by a level 2 certificate. They do not verify a user's name, address, social security number, and other information against a credit bureau database. D: Level 4/Class 4 certificates do not verify a user's name, address, social security number, and other information against a credit bureau database.

Answer 48

Correct Answer: D Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) is to "protect stored cardholder data." The public assumes merchants and financial institutions will protect data on payment cards to thwart theft and prevent unauthorized use. Requirement 3 applies only if cardholder data is stored. Merchants who do not store any cardholder data automatically provide stronger protection by having eliminated a key target for data thieves. For merchants who have a legitimate business reason to store cardholder data, it is important to understand what data elements PCI DSS allows them to store and what measures they must take to protect those data. To prevent unauthorized storage, only council certified PIN entry devices and payment applications may be used. PCI DSS compliance is enforced by the major payment card brands who established the PCI DSS and the PCI Security Standards Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. PCI DSS Requirement 3 - It details technical guidelines for protecting stored cardholder data. Merchants should develop a data retention and storage policy that strictly limits storage amount and retention time to that which is required for business, legal, and/or regulatory purposes. Sensitive authentication data must never be stored after authorization even if this data is encrypted. ✑ Never store full contents of any track from the cards magnetic stripe or chip (referred to as full track, track, track 1, track 2, or magnetic stripe data). If required for business purposes, the cardholders name, PAN, expiration date, and service code may be stored as long as they are protected in accordance with PCI DSS requirements. ✑ Never store the card-validation code (CVV) or value (three- or four-digit number printed on the front or back of a payment card used to validate card-not- present transactions). ✑ Never store the personal identification number (PIN) or PIN Block. Be sure to mask PAN whenever it is displayed. The first six and last four digits are the maximum number of digits that may be displayed. This requirement does not apply to those authorized with a specific need to see the full PAN, nor does it supersede stricter requirements in place for displays of cardholder data such as in a point-of-sale receipt. Incorrect Answers: A: The Primary Account Number can be stored by the merchant according to the PCI Data Storage Guidelines. B: The Cardholder Name can be stored by the merchant according to the PCI Data Storage Guidelines. C: The Expiration Date can be stored by the merchant according to the PCI Data Storage Guidelines. References: https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf

Answer 49

Correct Answer: B Writing is not a component of media viability controls. Media viability controls are implemented to preserve the proper working state of the media, particularly to facilitate the timely and accurate restoration of the system after a failure. Many physical controls should be used to protect the viability of the data storage media. The goal is to protect the media from damage during handling and transportation, or during short-term or long-term storage. Proper marking and labeling of the media is required in the event of a system recovery process: ✑ Marking. All data storage media should be accurately marked or labeled. The labels can be used to identify media with special handling instructions, or to log serial numbers or bar codes for retrieval during a system recovery. ✑ Handling. Proper handling of the media is important. Some issues with the handling of media include cleanliness of the media and the protection from physical damage to the media during transportation to the archive sites. ✑ Storage. Storage of the media is very important for both security and environmental reasons. A proper heat- and humidity-free, clean storage environment should be provided for the media. Data media is sensitive to temperature, liquids, magnetism, smoke, and dust. Incorrect Answers: A: Storage is a media viability control used to protect the viability of data storage media. C: Handling is a media viability control used to protect the viability of data storage media. D: Marking is a media viability control used to protect the viability of data storage media. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 50

Correct Answer: B Atoms and Data - Shon Harris says: "A device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero. This magnetic force is what properly erases data from media. Data are stored on magnetic media by the representation of the polarization of the atoms. Degaussing changes this polarization (magnetic alignment) by using a type of large magnet to bring it back to its original flux (magnetic alignment). " Degaussing is achieved by passing the magnetic media through a powerful magnet field to rearrange the metallic particles, completely removing any resemblance of the previously recorded signal. Therefore, degaussing will work on any electronic based media such as floppy disks, or hard disks - all of these are examples of electronic storage. However, "read-only media" includes items such as paper printouts and CD-ROM which do not store data in an electronic form or is not magnetic storage. Passing them through a magnet field has no effect on them. Not all clearing/ purging methods are applicable to all media for example, optical media is not susceptible to degaussing, and overwriting may not be effective against Flash devices. The degree to which information may be recoverable by a sufficiently motivated and capable adversary must not be underestimated or guessed at in ignorance. For the highest-value commercial data, and for all data regulated by government or military classification rules, read and follow the rules and standards. Incorrect Answers: A: Floppy Disks can be erased by degaussing. C: Video Tapes can be erased by degaussing. D: Magnetic Hard Disks can be erased by degaussing. References: http://www.degausser.co.uk/degauss/degabout.htm http://www.degaussing.net/ http://www.cerberussystems.com/INFOSEC/stds/ncsctg25.htm

Answer 51

Correct Answer: B A device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero. This magnetic force is what properly erases data from media. Data are stored on magnetic media by the representation of the polarization of the atoms. Degaussing changes this polarization (magnetic alignment) by using a type of large magnet to bring it back to its original flux (magnetic alignment). Incorrect Answers: A: A magnetic field is not the electrical device described in the question. C: Magnetic remanence is not the electrical device described in the question. D: Magnetic saturation is not the electrical device described in the question. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 1282

Answer 52

Correct Answer: A Data diddling refers to the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing and is outputted from an application. For instance, if a loan processor is entering information for a customers loan of $100,000, but instead enters $150,000 and then moves the extra approved money somewhere else, this would be a case of data diddling. Another example is if a cashier enters an amount of $40 into the cash register, but really charges the customer $60 and keeps the extra $20. This type of crime is extremely common and can be prevented by using appropriate access controls and proper segregation of duties. It will more likely be perpetrated by insiders, who have access to data before it is processed. Incorrect Answers: B: Salami techniques: A salami attack is the one in which an attacker commits several small crimes with the hope that the overall larger crime will go unnoticed. This is not what is described in the question. C: A Trojan Horse is a program that is disguised as another program. This is not what is described in the question. D: A Virus is a small application or a string of code that infects applications. This is not what is described in the question. References: , 6th Edition, McGraw-Hill, 2013, p. 1059

Answer 53

Correct Answer: B The removal of information from a storage medium is called sanitization. Different kinds of sanitization provide different levels of protection. A distinction can be made between clearing information (rendering it unrecoverable by a keyboard attack) and purging (rendering it unrecoverable against laboratory attack). There are three general methods of purging media: overwriting, degaussing, and destruction. There should be continuous assurance that sensitive information is protected and not allowed to be placed in a circumstance wherein a possible compromise can occur. There are two primary levels of threat that the protector of information must guard against: keyboard attack (information scavenging through system software capabilities) and laboratory attack (information scavenging through laboratory means). Procedures should be implemented to address these threats before the Automated Information System (AIS) is procured, and the procedures should be continued throughout the life cycle of the AIS. Incorrect Answers: A: It is not true that clearing completely erases the media or that purging only removes file headers, allowing the recovery of files. C: Clearing does not involve rewriting the media. D: It is not true that clearing renders information unrecoverable against a laboratory attack or purging renders information unrecoverable to a keyboard attack.

Answer 54

Correct Answer: B A sensitivity label is required for every subject and object when using the Mandatory Access Control (MAC) model. The sensitivity label is made up of a classification and different categories. Incorrect Answers: A: The item's classification on its own is incorrect. It has to have a category as well. C: The item's category on its own is incorrect. It has to have a classification as well. D: Need-to-know rules are applied by the categories section of the label. References: , 6th Edition, McGraw-Hill, 2013, p. 223 http://en.wikipedia.org/wiki/Mandatory_Access_Control

Answer 55

Correct Answer: A EUs Data Protection Data Integrity states that Data must be relevant and reliable for the purpose it was collected for. Incorrect Answers: B: EUs Data Protection Directive includes the access directive which states that individuals must be able to access information held about them, and correct or delete it if it is inaccurate. C: EUs Data Protection Directive includes the Onward Transfer directive which states that transfers of data to third parties may only occur to other organizations that follow adequate data protection principles. D: EUs Data Protection Directive includes the Data Integrity directive which states that Data must be relevant and reliable for the purpose it was collected for. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1064-1065

Answer 56

Correct Answer: A Computers and the information processed on them usually have a direct relationship with a companys critical missions and objectives. Because of this level of importance, senior management should make protecting these items a high priority and provide the necessary support, funds, time, and resources to ensure that systems, networks, and information are protected in the most logical and cost-effective manner possible. For a companys security plan to be successful, it must start at the top level and be useful and functional at every single level within the organization. Senior management needs to define the scope of security and identify and decide what must be protected and to what extent. Incorrect Answers: B: The data owner can grant access to the data. However, the data owner should not decide how a company should approach security and what security measures should be implemented. C: Systems Auditors ensure the appropriate security controls are in place. However, they should not decide how a company should approach security and what security measures should be implemented. D: The information security specialist may be the ones who implement the security measures. However, they should not decide how a company should approach security and what security measures should be implemented. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 101

Answer 57

Correct Answer: B Information security is made up of the following main attributes: Availability - Prevention of loss of, or loss of access to, data and resources ✑ Integrity - Prevention of unauthorized modification of data and resources ✑ Confidentiality - Prevention of unauthorized disclosure of data and resources Incorrect Answers: A: Authenticity is an attribute that stems from the three main attributes. C: Information security is made up of three main attributes, which includes confidentiality. D: Authenticity is an attribute that stems from the three main attributes. References: , 6th Edition, McGraw-Hill, 2013, pp. 298, 299

Answer 58

Correct Answer: A Maintaining appropriate temperature and humidity is important in any facility, especially facilities with computer systems. Improper levels of either can cause damage to computers and electrical devices. Lower temperatures can cause mechanisms to slow or stop, and higher temperatures can cause devices to use too much fan power and eventually shut down. Damage can start to occur on magnetic media at 100 degrees Fahrenheit or 37'7 Celsius. Incorrect Answers: B: Damage can start to occur on magnetic media at 100 degrees Fahrenheit, not 125 degrees Fahrenheit. Therefore, this answer is incorrect. C: Damage can start to occur on magnetic media at 100 degrees Fahrenheit, not 150 degrees Fahrenheit. Therefore, this answer is incorrect. D: Damage can start to occur on magnetic media at 100 degrees Fahrenheit, not 175 degrees Fahrenheit. Damage can start to occur in computer systems and peripheral devices at 175 degrees Fahrenheit. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 466

Answer 59

Correct Answer: A A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. The level at which information is classified determines the handling procedures that should be used. The Bell- LaPadula model is a state machine model that enforces the confidentiality aspects of access control. A matrix and security levels are used to determine if subjects can access different objects. The subjects clearance is compared to the objects classification and then specific rules are applied to control how subject-to-object interactions can take place. This model uses subjects, objects, access operations (read, write, and read/write), and security levels. Subjects and objects can reside at different security levels and will have relationships and rules dictating the acceptable activities between them. Incorrect Answers: B: The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. This is not what is described in the question. C: An access control matrix is a table of subjects and objects indicating what actions individual subjects can take upon individual objects. This is not what is described in the question. D: The take-grant protection model is used to establish or disprove the safety of a given computer system that follows specific rules. This is not what is described in the question. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 229

Answer 60

Correct Answer: A The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection - B. Mandatory protection - C. Discretionary protection - D. Minimal protection - Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Level B: Mandatory Protection: Mandatory access control is enforced by the use of security labels. The architecture is based on the Bell-LaPadula security model, and evidence of reference monitor enforcement must be available. Incorrect Answers: B: Level A is defined as verified protection, not mandatory protection. C: Level C is defined as discretionary protection, not mandatory protection. D: Level D is defined as minimal security, not mandatory protection. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 392, 395

Answer 61

Correct Answer: A National Information Assurance Certification and Accreditation Process (NIACAP), establishes the minimum national standards for certifying and accrediting national security systems. This process provides a standard set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the Information Assurance (IA) and security posture of a system or site. This process focuses on an enterprise-wide view of the information system (IS) in relation to the organizations mission and the IS business case. Incorrect Answers: B: The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a United States Department of Defense (DoD) process that means to ensure that companies and organizations apply risk management to information systems (IS). This is not what is described in the question. C: HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs. This is not what is described in the question. D: Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. This is not what is described in the question. References: http://infohost.nmt.edu/~sfs/Regs/nstissi_1000.pdf

Answer 62

Correct Answer: B The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection - B. Mandatory protection - C. Discretionary protection - D. Minimal security - Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Each division can have one or more numbered classes with a corresponding set of requirements that must be met for a system to achieve that particular rating. The classes with higher numbers offer a greater degree of trust and assurance. So B2 would offer more assurance than B1, and C2 would offer more assurance than C1. Incorrect Answers: A: B1 has a lower level of trust than B2. C: F6 is not a valid rating. D: Division C has a lower level of trust than division B. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 392-393

Answer 63

Correct Answer: B The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection - B. Mandatory protection - C. Discretionary protection - D. Minimal security - Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Each division can have one or more numbered classes with a corresponding set of requirements that must be met for a system to achieve that particular rating. There is only one class in Division D. It is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions. Incorrect Answers: A: Division A is the highest level. C: The lowest division/level (reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions) is D, not E. D: The lowest division/level (reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions) is D, not F. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 392-393

Answer 64

Correct Answer: C Data diddling refers to the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing and is outputted from an application. For instance, if a loan processor is entering information for a customers loan of $100,000, but instead enters $150,000 and then moves the extra approved money somewhere else, this would be a case of data diddling. Another example is if a cashier enters an amount of $40 into the cash register, but really charges the customer $60 and keeps the extra $20. This type of crime is extremely common and can be prevented by using appropriate access controls and proper segregation of duties. It will more likely be perpetrated by insiders, who have access to data before it is processed. Incorrect Answers: A: IP Spoofing attacks are more commonly performed by outsiders. B: Password sniffing can be performed by insiders or outsiders. However, Data Diddling is MORE commonly performed by insiders. D: Most Denial of service attacks occur over the internet and are performed by outsiders. References: , 6th Edition, McGraw-Hill, 2013, p. 1059

Answer 65

Correct Answer: D Employees represent the leading source of computer crime losses. This can be through hardware theft, data theft, physical damage and interruptions to services. Laptop theft is increasing at incredible rates each year. They have been stolen for years, but in the past they were stolen mainly to sell the hardware. Now laptops are also being stolen to gain sensitive data for identity theft crimes. Since employees use laptops as they travel, they may have extremely sensitive company or customer data on their systems that can easily fall into the wrong hands. Incorrect Answers: A: Losses caused by hackers can be high. However, this is rare in comparison to losses caused by employees. B: Losses caused by industrial saboteurs can be high. However, this is very rare in comparison to losses caused by employees. C: Foreign intelligence officers are not a cause of computer crime losses. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 457

Answer 66

Correct Answer: A E-mail encryption solutions such as S/MIME have been available for a long time. These encryption solutions have seen varying degrees of adoption in organizations of different types. However, such solutions present some challenges: Inability to apply messaging policies: Organizations also face compliance requirements that require inspection of messaging content to make sure it adheres to messaging policies. However, messages encrypted with most client-based encryption solutions, including S/MIME, prevent content inspection on the server. Without content inspection, an organization can't validate that all messages sent or received by its users comply with messaging policies. Decreased security: Antivirus software is unable to scan encrypted message content, further exposing an organization to risk from malicious content such as viruses and worms. Encrypted messages are generally considered to be trusted by most users, thereby increasing the likelihood of a virus spreading throughout your organization. Incorrect Answers: B: Virus scanning and content inspection of S/MIME encrypted e-mail is not possible even with a key recovery scheme of all user keys. C: Virus scanning and content inspection of S/MIME encrypted e-mail is not possible even if X509 Version 3 certificates are used. D: Using "brute force" decryption on S/MIME encrypted e-mail for the purpose of virus scanning and content inspection is not practical and unlikely to be successful. References: https://technet.microsoft.com/en-us/library/dd638122(v=exchg.150).aspx

Answer 67

Correct Answer: A Steganography allows you to hide data in another media type, concealing the very existence of the data. Incorrect Answers: B, D: Alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that includes metadata for locating a specific file by author or title. C: Encryption is a method of transforming readable data into a form that appears to be random and unreadable. References: , 6th Edition, McGraw-Hill, 2013, pp. 774 http://searchsecurity.techtarget.com/definition/alternate-data-stream

Answer 68

Correct Answer: B Digital watermarking is defined as "Computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data -- text, graphics, images, video, or audio -- and for detecting or extracting the marks later." A "digital watermark", i.e., the set of embedded bits, is sometimes hidden, usually imperceptible, and always intended to be unobtrusive. Depending on the particular technique that is used, digital watermarking can assist in proving ownership, controlling duplication, tracing distribution, ensuring data integrity, and performing other functions to protect intellectual property rights. Incorrect Answers: A: Steganography is a method of hiding data in another media type so the very existence of the data is concealed. Digital Watermarking is considered to be a type of steganography. However, steganography is not what is described in the question. C: A digital envelope is another term used to describe hybrid cryptography where a message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key. This is not what is described in the question. D: A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. This is not what is described in the question. References: http://tools.ietf.org/html/rfc4949

Answer 69

Correct Answer: B A Protocol Analyzer (also known as a packet sniffer) is a useful tool for testing or troubleshooting network communications. A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing packets sent from a computer system is known as packet sniffing. The ability to browse information passing on a network is a security risk which means access to a protocol analyzer should be carefully managed and therefore addressed by security policy. Incorrect Answers: A: Damage to test equipment is not a security risk so does not need to be addressed by security policy. C: Test equipment is generally not difficult to replace if lost or stolen. Even if it was, that would not constitute a security risk so it would not need to be addressed by security policy. D: The need for test equipment to always be available for the maintenance personnel would not constitute a security risk so it would not need to be addressed by security policy.

Answer 70

Correct Answer: C Personnel represent the leading source of computer crime losses. This can be through hardware theft, data theft, physical damage and interruptions to services. Laptop theft is increasing at incredible rates each year. They have been stolen for years, but in the past they were stolen mainly to sell the hardware. Now laptops are also being stolen to gain sensitive data for identity theft crimes. Since employees use laptops as they travel, they may have extremely sensitive company or customer data on their systems that can easily fall into the wrong hands. Incorrect Answers: A: Losses caused by industrial outside espionage can be high. However, this is very rare in comparison to losses caused by personnel. B: Losses caused by hackers can be high. However, this is rare in comparison to losses caused by personnel. D: Equipment failure can be a cause of security issues. However, security issues caused by personnel are more common. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 457

Answer 71

Correct Answer: B A password that is the same for each log-on is called a static password. A password that changes with each log-on is termed a dynamic password. The changing of passwords can also fall between these two extremes. Passwords can be required to change monthly, quarterly, or at other intervals, depending on the criticality of the information needing protection and the passwords frequency of use. Obviously, the more times a password is used, the more chance there is of it being compromised. Incorrect Answers: A: This answer is not complete. Passwords can also be required to change depending on the password's frequency of use. C: This answer is not complete. Passwords can also be required to change depending on the criticality of the information needing protection. D: Passwords CAN be required to change depending on the criticality of the information needing protection. References: , Wiley Publishing, Indianapolis, 2007, p. 57

Answer 72

Correct Answer: B Each organization is different in its size, security posture, threat profile, and security budget. One organization may have one individual responsible for information risk management (IRM) or a team that works in a coordinated manner. The overall goal of the team is to ensure the company is protected in the most cost- effective manner. Incorrect Answers: A: Not all identified risks are mitigated. Some risks are accepted. C: It is not true that computer security should be first and foremost examined in both monetary and non-monetary terms. D: It is not true that computer security should be first and foremost proportionate to the value of IT systems. The value of IT systems does not necessarily mean that more or less security is required. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 87

Answer 73

Correct Answer: C Both the system owner and the information owner (data owner) are responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data. The system owner is responsible for one or more systems, each of which may hold and process data owned by different data owners. A system owner is responsible for integrating security considerations into application and system purchasing decisions and development projects. The system owner is responsible for ensuring that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on. This role must ensure the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner. The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner has due care responsibilities and thus will be held responsible for any negligent act that results in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is responsible for and alters that classification if the business need arises. This person is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria. The data owner approves access requests or may choose to delegate this function to business unit managers. Incorrect Answers: A: Business and functional managers are not responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data. B: IT Security practitioners implement the security controls. However, they are not ultimately responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data. D: The Chief Information Officer (CIO) is responsible for the strategic use and management of information systems and technology within the organization. The CIO is not responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 121

Answer 74

Correct Answer: D Add-on security is defined as "Security protection mechanisms that are hardware or software retrofitted to a system to increase that system’s protection level." Incorrect Answers: A: Add-on security can be physical security (hardware) but it is often software as well. B: An add-on is something added to an existing system; it is not an integral part of a system. C: Add-on security can be a layer of security. However, layered security does not refer specifically to security add-ons.

Answer 75

Correct Answer: D Add-on security is defined as "Security protection mechanisms that are hardware or software retrofitted to a system to increase that system’s protection level." Incorrect Answers: A: Add-on security can be physical security (hardware) but it is often software as well. B: An add-on is something added to an existing system; it is not an integral part of a system. C: Add-on security can be a layer of security. However, layered security does not refer specifically to security add-ons.

Answer 76

Correct Answer: B The objective of separation of duties is to ensure that one person acting alone cannot compromise the companys security in any way. High-risk activities should be broken up into different parts and distributed to different individuals or departments. That way, the company does not need to put a dangerously high level of trust in certain individuals. For fraud to take place, collusion would need to be committed, meaning more than one person would have to be involved in the fraudulent activity Job rotation in the workplace is a system where employees work at several jobs in a business, performing each job for a relatively short period of time. Job rotation in the workplace is a system where employees work at several jobs in a business, performing each job for a relatively short period of time. By moving people willing to collude to commit fraud, we can reduce the risk of collusion. Incorrect Answers: A: Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. It is not the best control for reducing collusion. C: Separation of Duties prevents one person being able to commit fraud. With separation of duties, collusion between two or more people would be required to commit the fraud. However, separation of duties does not prevent the collusion. D: Mandatory vacations are a way of detecting fraud. If a fraudulent activity stops while an employee is on vacation, it is easy to determine who was committing the fraud. Mandatory vacations do not prevent the collusion. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1235-1236

Answer 77

Correct Answer: D The Control Objectives for Information and related Technology (CobiT) is a framework and set of control objectives developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs. CobiT is broken down into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. Incorrect Answers: A: Maintain and Implement is not one of the four domains; it should be Acquire and Implement. B: Support and Purchase is not one of the four domains; it should be Deliver and Support. C: This answer is missing the first domain, Plan and Organize. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 55

Answer 78

Correct Answer: A COSO is a model for corporate governance, and CobiT is a model for IT governance. COSO deals more at the strategic level, while CobiT focuses more at the operational level. You can think of CobiT as a way to meet many of the COSO objectives, but only from the IT perspective. COSO deals with non-IT items also, as in company culture, financial accounting principles, board of director responsibility, and internal communication structures. COSO was formed to provide sponsorship for the National Commission on Fraudulent Financial Reporting, an organization that studies deceptive financial reports and what elements lead to them. There have been laws in place since the 1970s that basically state that it was illegal for a corporation to cook its books (manipulate its revenue and earnings reports), but it took the SarbanesOxley Act (SOX) of 2002 to really put teeth into those existing laws. SOX is a U.S. federal law that, among other things, could send executives to jail if it was discovered that their company was submitting fraudulent accounting findings to the Security Exchange Commission (SEC). SOX is based upon the COSO model, so for a corporation to be compliant with SOX, it has to follow the COSO model. Companies commonly implement ISO/IEC 27000 standards and CobiT to help construct and maintain their internal COSO structure. Incorrect Answers: B: It is not the main purpose of COSO to define a sound risk management approach within financial companies. C: It is not the main purpose of COSO to address corporate culture and policy development. D: COSO is not a risk management system used for the protection of federal systems. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 59

Answer 79

Correct Answer: B War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers - malicious hackers who specialize in computer security - for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry-point into computer or other electronic systems. It may also be used by security personnel, for example, to detect unauthorized devices, such as modems or faxes, on a company's telephone network. To prevent possible intrusion or damage from wardialing attacks, you should configure the system to require authentication before a network connection can be established. This will ensure that an attacker cannot gain access to the network without knowing a username and password. Incorrect Answers: A: Monitoring wardialing attacks would not prevent an attacker gaining access to the network. It would just tell you that at attack has happened. C: Making sure only necessary phone numbers are made public will not protect against intrusion. An attacker would still be able to gain access through one of the necessary phone numbers. D: Using completely different numbers for voice and data accesses will not protect against intrusion. An attacker would still be able to gain access through one of the data access phone numbers. References: http://en.wikipedia.org/wiki/War_dialing

Answer 80

Correct Answer: D Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object. Incorrect Answers: A: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. B: Access in a DAC model is restricted based on the authorization granted to the users. C: Non-discretionary access control is when the system administrator or a single management body within an organization centrally controls access to all resources for everybody on a network. References: , 6th Edition, McGraw-Hill, 2013, pp. 220-228 http://www.answers.com/Q/What_is_Non_discretionary_access_control

Answer 81

Correct Answer: C An attack by an authorized user is known as an inside attack. An insider attack is a malicious attack perpetrated on a network or computer system by a person with authorized system access. Insiders that perform attacks have a distinct advantage over external attackers because they have authorized system access and also may be familiar with network architecture and system policies/procedures. In addition, there may be less security against insider attacks because many organizations focus on protection from external attacks. An insider attack is also known as an insider threat. Incorrect Answers: A: In an active attack, the attacker attempts to make changes to data on the target or data as it is transmitted to the target. An attack by an authorized user could be an active type of attack but it is not known as an active attack. B: An attack by an authorized user is not known as an outside attack. D: In a passive attack, the attacker attempts to learn information but does not affect resources. An attack by an authorized user could be passive in nature but it is not known as a passive attack. References: https://www.techopedia.com/definition/26217/insider-attack

Answer 82

Correct Answer: A In security circles, people are often the weakest link. Either accidentally through mistakes or lack of training, or intentionally through fraud and malicious intent, personnel cause more serious and hard-to-detect security issues than hacker attacks, outside espionage, or equipment failure. A common accidental access violation is a user discovering a feature of an application that they should not be accessing. Incorrect Answers: B: Most access violations are not caused by internal hackers. C: Most access violations are not caused by external hackers. D: Most access violations are not related to Internet. References: , 6th Edition, McGraw-Hill, 2013, p. 129

Answer 83

Correct Answer: B Tripwire is a tool that detects when files have been altered by regularly recalculating hashes of them and storing the hashes in a secure location. The product triggers when changes to the files have been detected. By using cryptographic hashes, tripwire is often able to detect subtle changes. Contrast: The simplistic form of tripwire is to check file size and last modification time. l0phtcrack, OphCrack and John the Ripper are password cracking tools and are therefore more likely to be used by hackers than Tripwire. Incorrect Answers: A: l0phtcrack is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow tables. It is more likely to be used by a hacker than Tripwire. C: Ophcrack is a free Windows password cracker based on rainbow tables. It is more likely to be used by a hacker than Tripwire. D: John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. It is more likely to be used by a hacker than Tripwire. References: http://linux.about.com/cs/linux101/g/tripwire.htm

Answer 84

orrect Answer: D Logon abuse refers to legitimate users accessing networked services that would normally be restricted to them. Unlike network intrusion, this type of abuse focuses primarily on those users who may be internal to the network, legitimate users of a different system, or users who have a lower security classification. Incorrect Answers: A: Spoofing refers to an attacker deliberately inducing a user (subject) or device (object) into taking an incorrect action by giving it incorrect information. This is not what is described in the question. B: Piggy-backing refers to an attacker gaining unauthorized access to a system by using a legitimate users connection. A user leaves a session open or incorrectly logs off, enabling an attacker to resume the session. This is not what is described in the question. C: Eavesdropping is the unauthorized interception of network traffic. This is not what is described in the question. References: , Wiley Publishing, Indianapolis, 2007, p. 173

Answer 85

Correct Answer: D Privilege is a term used to describe what a user can do on a computer or system. It covers rights, access and permissions. A user who has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill is said to have excessive privileges. Incorrect Answers: A: Rights are just one aspect of what a user can do with a computer or system. Access and permissions are other aspects. Privileges cover all three. B: Access is just one aspect of what a user can do with a computer or system. Rights and permissions are other aspects. Privileges cover all three. C: Permissions are just one aspect of what a user can do with a computer or system. Access and rights are other aspects. Privileges cover all three.

Answer 86

Correct Answer: A Typical security administrator functions may include the following: ✑ Setting user clearances, initial passwords, and other security characteristics for new users ✑ Changing security profiles for existing users ✑ Setting or changing file sensitivity labels ✑ Setting the security characteristics of devices and communications channels ✑ Reviewing audit data Incorrect Answers: B: System operators provide day-to-day operations of computer systems. They do not perform the tasks listed in the question. C: Data owners are primarily responsible for determining the datas sensitivity or classification levels. They can also be responsible for maintaining the informations accuracy and integrity. They do not perform the tasks listed in the question. D: Data custodians are delegated the responsibility of protecting data by its owner. They do not perform the tasks listed in the question. References: , John Wiley & Sons, New York, 2001, p. 211

Answer 87

Correct Answer: C Under the principle of separation of duties, an operator should not be performing data entry. This should be left to data entry personnel. System operators represent a class of users typically found in data center environments where mainframe systems are used. They provide day-to-day operations of the mainframe environment, ensuring that scheduled jobs are running effectively and troubleshooting problems that may arise. They also act as the arms and legs of the mainframe environment, load and unloading tape and results of job print runs. Operators have elevated privileges, but less than those of system administrators. If misused, these privileges may be used to circumvent the systems security policy. As such, use of these privileges should be monitored through audit logs. Incorrect Answers: A: Implementing the initial program load is a function that should be performed by an operator. B: Monitoring execution of the system is a function that should be performed by an operator. D: Controlling job flow is a function that should be performed by an operator.

Answer 88

Correct Answer: D Of the listed tasks, installing system software is the only task that should normally be performed by an operator in a properly segregated environment. Incorrect Answers: A: Changing profiles should not be performed by an operator; this should be performed by a security administrator. B: Approving changes should not be performed by an operator; this should be performed by a change control analyst or panel. C: Adding and removal of users should not be performed by an operator; this should be performed by a security administrator.

Answer 89

Correct Answer: B Object reuse requirements, applying to systems rated TCSEC C2 and above, are used to protect files, memory, and other objects in a trusted system from being accidentally accessed by users who are not authorized to access them. Deleting files on disk before reusing the space does not meet this requirement and is therefore not appropriate in addressing object reuse. Deleting files on disk merely erases file headers in a directory structure. It does not clear data from the disk surface, thus making files still recoverable. All other options involve clearing used space, preventing any unauthorized access. Incorrect Answers: A: Degaussing magnetic tapes when they're no longer needed protects files from unauthorized access by destroying the data on the tapes. This is a valid method of addressing object reuse. C: Clearing memory blocks before they are allocated to a program or data removes any residual data from the memory thus preventing unauthorized access. This is a valid method of addressing object reuse. D: Clearing buffered pages, documents, or screens from the local memory of a terminal or printer removes any residual data from the memory thus preventing unauthorized access. This is a valid method of addressing object reuse.

Answer 90

Correct Answer: A Allowing objects to be used sequentially by multiple users without a refresh of the objects can lead to disclosure of residual data. It is important that steps be taken to eliminate the chance for the disclosure of residual data. Object reuse refers to the allocation or reallocation of system resources to a user or, more appropriately, to an application or process. Applications and services on a computer system may create or use objects in memory and in storage to perform programmatic functions. In some cases, it is necessary to share these resources between various system applications. However, some objects may be employed by an application to perform privileged tasks on behalf of an authorized user or upstream application. If object usage is not controlled or the data in those objects is not erased after use, they may become available to unauthorized users or processes. Disclosure of residual data and Unauthorized obtaining of a privileged execution state are both a problem with shared memory and resources. Not clearing the heap/stack can result in residual data and may also allow the user to step on somebody's session if the security token/identify was maintained in that space. This is generally more malicious and intentional than accidental though. The MOST common issue would be Disclosure of residual data. Incorrect Answers: B: Unauthorized obtaining of a privileged execution state is not a problem with Object Reuse. C: A covert channel is a communication path. Data leakage would not be a problem created by Object Reuse. In computer security, a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. The term, originated in 1973 by Lampson is defined as "(channels) not intended for information transfer at all, such as the service program's effect on system load." to distinguish it from Legitimate channels that are subjected to access controls by COMPUSEC. D: Denial of service through a deadly embrace is not a problem with Object Reuse. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 424 https://www.fas.org/irp/nsa/rainbow/tg018.htm http://en.wikipedia.org/wiki/Covert_channel

Answer 91

Correct Answer: B Human-unintentional threats represent the most common source of disasters. Examples of human unintentional threats are primarily those that involve inadvertent errors and omissions, in which the person, through lack of knowledge, laziness, or carelessness, serves as a source of disruption. Incorrect Answers: A: A more knowledgeable fraudster would increase the risk of Computer Crimes, but it is less of a factor compared to human carelessness. C: Collusion makes computer crimes possible, but human carelessness is the main factor. D: System design flaws makes computer crimes possible, but human carelessness is the main factor. References: , 2nd Edition, Syngress, Waltham, 2012, p. 347

Answer 92

Correct Answer: B Early in a system development project, there is a requirements gathering phase when everyone involved attempts to understand why the project is needed and what the scope of the project entails. During this phase, the team examines the softwares requirements and proposed functionality, brainstorming sessions take place, and obvious restrictions are reviewed. As end users will be the people using the system, they are most likely to have the most valuable input into the system requirements definition. When the requirements are determined and the system is developed, user testing will ensure the system meets the requirements defined in the early project stages. Incorrect Answers: A: This question is asking for the answer that will MOST likely ensure that a system development project meets business objectives. Tests run by different individuals will provide a better test to ensure system meets the requirements. However, user involvement in system requirements and specification stage will make it more likely that the system is developed to meet the requirements. C: Development of a project plan identifying all development activities will not ensure the system meets business objectives if the initial design of the system is not what is required. D: Strict deadlines and budgets will ensure the project is completed on time and within budget. However, it will have no effect on whether the system meets business objectives.

Answer 93

Correct Answer: B Within the SDLC framework Security Accreditation is obtained during the Implementation Phase, more specifically during Testing and evaluation control. Incorrect Answers: A: Security Accreditation is not used during the Functional Requirements Phase. It is used later during the Implementation phase. C: Security Accreditation is not used during the Acceptance Phase. It is used earlier during the Implementation phase. D: Security Accreditation is not used during the Postinstallation Phase. It is used earlier during the Implementation phase. References: , 2nd Edition, Syngress, Waltham, 2012, p. 1088

Answer 94

Correct Answer: D The systems development life cycle (SDLC), also referred to as the application development life-cycle, is a term used in systems engineering, information systems and software engineering to describe a process for planning, creating, testing, and deploying an information system. The systems development life-cycle concept applies to a range of hardware and software configurations, as a system can be composed of hardware only, software only, or a combination of both. The most important stages of the systems development life cycle are the early requirement gathering and design phases. If the system requirements are not correctly determined, the system will not meet the needs of the business and users. A: This question is asking for the MOST serious risk. A project completed late is inconvenient but a system that fails to meet business and user needs is a more serious risk. B: This question is asking for the MOST serious risk. A project that exceeds cost estimates is a pain but a system that fails to meet business and user needs is a more serious risk. C: This question is asking for the MOST serious risk. A project that is incompatible with existing systems is not good but new systems could be deployed. However, a system that fails to meet business and user needs is no good to anyone. References: https://en.wikipedia.org/wiki/Systems_development_life_cycle

Answer 95

Correct Answer: A The system development life cycle (SDLC) is the process of developing an information system. The SDLC includes the Initiation, Development and Acquisition, Implementation, Operation and Maintenance and Disposal phases. The initiation phase includes determining the systems goals and feasibility. The systems feasibility includes its system requirements and how well they match with operational processes. The requirements of a contingency plan should be analyzed based on the systems requirements and design. Incorrect Answers: B: Contingency planning is most important in the initiation phase, not the Development/acquisition phase. It is important to create a contingency plan in the earliest possible stage of a project. C: Contingency planning is most important in the initiation phase, not the Implementation phase. The contingency plan should be created before the system is implemented. D: Contingency planning is most important in the initiation phase, not the operation/maintenance phase. It is important to create a contingency plan in the earliest possible stage of a project, not after the system has been deployed. References: , Cengage Learning, Andover, 2010, pp 4-11

Answer 96

Correct Answer: C In the Operation/maintenance phase the system is used and cared for. Proper authentication of the users and processes must be developed in this phase. Incorrect Answers: A: In the Acquisition/development the new system is either created or purchased. The main concern of this phase is not the authentication of users and processes. B: In the implementation phase the new system is installed into production environment. The main concern of this phase is not the authentication of users and processes. D: In the Initiation phase the need for a new system is defined. Authentication of users and processes is not a major concern of this phase. References: , 2nd Edition, Syngress, Waltham, 2012, p. 1087

Answer 97

Correct Answer: D Acceptance testing is used to ensure that the code meets customer requirements. If this testing is passed the user's needs have been met. Incorrect Answers: A: The final stage is accreditation, which is managements, but not the users', formal approval. B: Certification involves testing the newly purchased product within the companys environment. Certification does not confirm that the users' need have been met. C: Assurance is a measurement of confidence in the level of protection that a specific security control delivers and the degree to which it enforces the security policy. References: , 2nd Edition, Syngress, Waltham, 2012, p. 1105

Answer 98

Correct Answer: D Preaction systems are similar to dry pipe systems in that the water is not held in the pipes, but is released when the pressurized air within the pipes is reduced. Once this happens, the pipes are filled with water, but it is not released right away. A thermal-fusible link on the sprinkler head has to melt before the water is released. The purpose of combining these two techniques is to give people more time to respond to false alarms or to small fires that can be handled by other means. Putting out a small fire with a handheld extinguisher is better than losing a lot of electrical equipment to water damage. These systems are usually used only in data processing environments rather than the whole building, because of the higher cost of these types of systems. Incorrect Answers: A: Wet pipe systems always contain water in the pipes and are usually discharged by temperature controllevel sensors. This type is not the most recommended water system for a computer room because this system provides no time to respond to false alarms or to small fires that can be handled by other means. Therefore, this answer is incorrect. B: In dry pipe systems, the water is not actually held in the pipes. The water is contained in a "holding tank" until it is released. This type is not the most recommended water system for a computer room because this system provides no time to respond to false alarms or to small fires that can be handled by other means. Therefore, this answer is incorrect. C: A deluge system has its sprinkler heads wide open to allow a larger volume of water to be released in a shorter period. Because the water being released is in such large volumes, these systems are usually not used in data processing environments. This type is not the most recommended water system for a computer room. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, pp. 474-475

Answer 99

Correct Answer: D The optical unit of the iris pattern biometric system must be positioned so that the sun does not shine into the aperture. Incorrect Answers: A: Iris recognition systems do not use laser like beams. B: With iris scans, the kind of errors that can occur during the authentication process is reduced because the iris remains constant through adulthood. C: Extreme resistance to false matching is an advantage of iris recognition. References: , 6th Edition, McGraw-Hill, 2013, p. 191 https://en.wikipedia.org/wiki/Iris_recognition

Answer 100

Correct Answer: A The Bell-LaPadula model is a security model, not a Security and Audit Frameworks and Methodology. The Bell-LaPadula model is a subject-to-object model. An example would be how you (subject) could read a data element (object) from a specific database and write data into that database. The Bell-LaPadula model focuses on ensuring that subjects are properly authenticatedby having the necessary security clearance, need to know, and formal access approvalbefore accessing an object. The Control Objectives for Information and related Technology (CobiT) is a framework and set of control objectives developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs. CobiT was derived from the COSO framework, developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting. The Information Technology Infrastructure Library (ITIL) is the de facto standard of best practices for IT service management. ITIL is a customizable framework that is provided in a set of books or in an online format. Incorrect Answers: B: Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a Security and Audit Frameworks and Methodology. C: IT Infrastructure Library (ITIL) is a Security and Audit Frameworks and Methodology. D: Control Objectives for Information and related Technology (COBIT) is a Security and Audit Frameworks and Methodology. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 55-60, 369

Answer 101

Correct Answer: D Requirements, including security requirements, are formalized in the Functional Requirements Definition phase. Incorrect Answers: A: Disposal activities need to ensure that an orderly termination of the system takes place and that all necessary data are preserved. Security requirements are not formalized at the disposal phase. B: Within the Systems Development Life Cycle (DSLC) model the design phase, also known as the System Design Specifications phase, transforms requirements, including the security requirements, into a complete System Design Document. C: In the implementation phase the system is implemented into a product production environment. The security requirements have already been developed long before this phase. References: , 2nd Edition, Syngress, Waltham, 2012, p. 1095

Answer 102

Correct Answer: C Within the System Development Life-cycle (SDLC) model, security is critical in each phase of the life cycle. Incorrect Answers: A: Security is critical to each phase of the SDLC model, not only the initiation phase. B: Security is critical to each phase of the SDLC model, not only the development phase. D: Security is critical to each phase of the SDLC model, and is not added when the design is completed. References: , 2nd Edition, Syngress, Waltham, 2012, p. 1087

Answer 103

Correct Answer: D Risk reduction should be applied equally to the initiation phase, the development phase, and to the disposal phase. Within the initiation phase a preliminary risk assessment should be carried out to develop an initial description of the confidentiality, integrity, and availability requirements of the system. The development phase include formal risk assessment which identifies vulnerabilities and threats in the proposed system and the potential risk levels as they pertain to confidentiality, integrity, and availability. This builds upon the initial risk assessment carried out in the previous phase (the initiation phase). The results of this assessment help the team build the systems security plan. Disposal activities need to ensure that an orderly termination of the system takes place and that all necessary data are preserved. The storage medium of the system may need to be degaussed, put through a zeroization process, or physically destroyed. Incorrect Answers: A: Risk reduction should be applied to all phases equally, not mostly to the initiation phase. B: Risk reduction should be applied to all phases equally, not mostly to the development phase. C: Risk reduction should be applied to all phases equally, not mostly to the disposal phase. References: , 2nd Edition, Syngress, Waltham, 2012, pp. 1091-1093

Answer 104

Correct Answer: C The Bell-LaPadula model was the first mathematical model of a multilevel security policy used to define the concept of a secure state machine and modes of access, and outlined rules of access. Incorrect Answers: A: Diffie and Hellman developed the first asymmetric key agreement algorithm, not the first multilevel security policy computer system. B: The question asks for the developers of the first mathematical models of a multilevel-security computer system. This was Bell and LaPadula, not Clark and Wilson. D: The question asks for the developers of the first mathematical models of a multilevel-security computer system. This was Bell and LaPadula, not Gasser and Lipner. References: , 6th Edition, McGraw-Hill, 2013, pp. 369, 812

Answer 105

Correct Answer: D The mechanism that automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters is known as an auxiliary station alarm. Alarm systems may have auxiliary alarms that ring at the local fire or police stations. Most central station systems include this feature, which requires permission form the local authorities before implementation. Incorrect Answers; A: Central Station Systems are operated and monitored around the clock by private security firms. The central stations are signaled by detectors over leased lines. Most central station systems include auxiliary alarms that ring at the local fire or police stations. However, the name of the alarm system that rings at the local fire or police stations is auxiliary alarm. Therefore, this answer is incorrect. B: Proprietary Systems are similar to the central station systems, except that the monitoring system is owned and operated by the customer. Proprietary alarm is not name of the alarm that rings at the local fire or police stations. Therefore, this answer is incorrect. C: A remote station alarm is not the alarm that rings at the local fire or police stations. Therefore, this answer is incorrect. References: , Wiley Publishing, Indianapolis, 2007, p. 474

Answer 106

Correct Answer: D A central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individuals role in the organization (role-based) or the subjects responsibilities and duties (task-based). In an organization where there are frequent personnel changes, non-discretionary access control is useful because the access controls are based on the individuals role or title within the organization. These access controls do not need to be changed whenever a new person takes over that role. Another type of non-discretionary access control is lattice-based access control. In this type of control, a lattice model is applied. In a lattice model, there are pairs of elements that have the least upper bound of values and greatest lower bound of values. To apply this concept to access control, the pair of elements is the subject and object, and the subject has the greatest lower bound and the least upper bound of access rights to an object. Incorrect Answers: A: A flow model does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects. B: Discretionary access control does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects. C: Mandatory access control does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects. References: , Wiley Publishing, Indianapolis, 2007, p. 48

Answer 107

Correct Answer: A Identity-based access control is a type of DAC system that allows or prevents access based on the identity of the subject. Incorrect Answers: B: Task-based access control is a non-discretionary access control model, which is based on the tasks each subject must perform. C: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. D: Rule-based access control makes use of explicit rules that specify what can and cannot happen between a subject and an object, not on their security labels. References: , 6th Edition, McGraw-Hill, 2013, pp. 220-228

Answer 108

Correct Answer: C Fences come in varying heights, and each height provides a different level of security: ✑ Fences three to four feet high only deter casual trespassers. ✑ Fences six to seven feet high are considered too high to climb easily. ✑ Fences eight feet high (possibly with strands of barbed or razor wire at the top) means you are serious about protecting your property. They often deter the more determined intruder. The barbed wire on top of fences can be tilted in or out, which also provides extra protection. If the organization is a prison, it would have the barbed wire on top of the fencing pointed in, which makes it harder for prisoners to climb and escape. If the organization is a military base, the barbed wire would be tilted out, making it harder for someone to climb over the fence and gain access to the premises. Critical areas should have fences at least eight feet high to provide the proper level of protection. The fencing should not sag in any areas and must be taut and securely connected to the posts. The fencing should not be easily circumvented by pulling up its posts. The posts should be buried sufficiently deep in the ground and should be secured with concrete to ensure the posts cannot be dug up or tied to vehicles and extracted. If the ground is soft or uneven, this might provide ways for intruders to slip or dig under the fence. In these situations, the fencing should actually extend into the dirt to thwart these types of attacks. Incorrect Answers: A: Fences three to four feet high only deter casual trespassers. They are not the most effective maximum security design. Therefore, this answer is incorrect. B: Fences six to seven feet high are considered too high to climb easily. They are not the most effective maximum security design. Therefore, this answer is incorrect. D: Double fencing is not the most cost effective maximum security design. Two fences would cost more than one good fence. Furthermore, this answer does not state how high the two fences are. Two 3 to 4 fences would not be very secure. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 486

Answer 109

Correct Answer: B The Bell-La Padula (BLP) model is a model of computer security that focuses on mandatory and discretionary access control. It was spelled out in an influential paper by David E Bell and Leonard J. La Padula. The Bell-La Padula paper formed the basis of the "Orange Book" security classifications, the system that the US military used to evaluate computer security for decades. Incorrect Answers: A: The Orange Book is not founded upon the Biba model. C: The Orange Book is not founded upon the Clark-Wilson model. D: The Orange Book is not founded upon the TEMPEST model. References: https://sites.google.com/site/cacsolin/bell-lapadula

Answer 110

Correct Answer: A The system architecture aspect of security architecture includes the following: ✑ CPU Central Processing Unit ✑ Storage devices includes both long and short-term storage, such as memory and disk ✑ Peripherals includes both input and output devices, such as keyboards and printer The components and devices connect to the motherboard. However, the motherboard is not considered a basic component of security architecture. Incorrect Answers: B: The Central Processing Unit (CPU) is a basic component of security architecture. C: Storage Devices are a basic component of security architecture. D: Peripherals (input/output devices) are a basic component of security architecture.

Answer 111

Correct Answer: A B2: Structured Protection: The security policy is clearly defined and documented, and the system design and implementation are subjected to more thorough review and testing procedures. This class requires more stringent authentication mechanisms and well-defined interfaces among layers. Subjects and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place, which means the subject communicates directly with the application or operating system, and no trapdoors exist. There is no way to circumvent or compromise this communication channel. Operator and administration functions are separated within the system to provide more trusted and protected operational functionality. Distinct address spaces must be provided to isolate processes, and a covert channel analysis is conducted. This class adds assurance by adding requirements to the design of the system. The type of environment that would require B2 systems is one that processes sensitive data that require a higher degree of security. This type of environment would require systems that are relatively resistant to penetration and compromise. Incorrect Answers: B: Separate operator and system administrator roles are not required at level B1. C: Separate operator and system administrator roles are required at level A1. However, they are also required at the lower level of B2. D: Separate operator and system administrator roles are required at level A2. However, they are also required at the lower level of B2. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 396 http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt

Answer 112

Correct Answer: A An access control matrix is a table of subjects and objects indicating what actions individual subjects can take upon individual objects. Matrices are data structures that programmers implement as table lookups that will be used and enforced by the operating system. This type of access control is usually an attribute of DAC models. The access rights can be assigned directly to the subjects (capabilities) or to the objects (ACLs). Incorrect Answers: B: The take-grant protection model is used to establish or disprove the safety of a given computer system that follows specific rules. This is not what is described in the question. C: The BellLaPadula Model is a state machine model used for enforcing access control in government and military applications. This is not what is described in the question. D: The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. This is not what is described in the question. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 229

Answer 113

Correct Answer: B Noise in power systems refers to the presence of electrical radiation in the system that is unintentional and interferes with the transmission of clean power. There are several types of noise, the most common being Electromagnetic Interference (EMI ) and Radio Frequency Interference (RFI ). EMI is noise that is caused by the generation of radiation due to the charge difference between the three electrical wires the hot, neutral, and ground wires. Two common types of EMI generated by electrical systems are: 1. Common-mode noise. Noise from the radiation generated by the difference between the hot and ground wires. 2. Traverse-mode noise. Noise from the radiation generated by the difference between the hot and neutral wires. Incorrect Answers: A: Traverse-mode noise is noise from the radiation generated by the difference between the hot and neutral wires, not between the hot and ground wires. Therefore, this answer is incorrect. C: Crossover-mode noise is not one of the two defined types of EMI generated by electrical systems. Therefore, this answer is incorrect. D: Transversal -mode noise is not one of the two defined types of EMI generated by electrical systems. Therefore, this answer is incorrect. References: , Wiley Publishing, Indianapolis, 2007, p. 458

Answer 114

Correct Answer: D There are many types of tests that can be performed to assess the vulnerability of a facility. These include inspection, history of losses and security controls. Inspection covers many aspects of vulnerability testing ranging from checking the perimeter fencing to penetration testing of systems. History of losses (losses from previous attacks or security breaches) is a good way of assessing the vulnerability of a facility. Examining how previous breaches occurred can help determine whether the facility is protected against another similar breach. Testing the security controls in place to ensure they are sufficient is an obvious way of assessing the vulnerability of a facility. Security controls cover everything from the locks on the doors to intrusion detection systems. One thing that cannot be used to assess the vulnerability of a facility is the security budget. The amount of money spent on security is irrelevant. A large security budget does not guarantee that a facility is secure and a small budget does not mean it is insecure. Incorrect Answers: A: Inspection of the security systems can be used to assess the vulnerability of a facility. Therefore, this answer is incorrect. B: History of losses (losses from previous attacks or security breaches) can be used to assess the vulnerability of a facility. Therefore, this answer is incorrect. C: Examining the security controls can be used to assess the vulnerability of a facility. Therefore, this answer is incorrect.

Answer 115

Correct Answer: A At one time, Halon was considered the perfect fire suppression method in computer operations centers, due to the fact that it is not harmful to the equipment, mixes thoroughly with the air, and spreads extremely fast. The benefits of using Halons are that they do not leave liquid or solid residues when discharged. Therefore, they are preferred for sensitive areas, such as computer rooms and data storage areas. However, several issues arose with its deployment, such as that it cannot be breathed safely in concentrations greater than 10 percent, and when deployed on fires with temperatures greater than 900, it degrades into seriously toxic chemicals hydrogen fluoride, hydrogen bromide, and bromine. Some common EPA-acceptable Halon replacements are ✑ FM-200 (HFC-227ea) ✑ CEA-410 or CEA-308 ✑ NAF-S-III (HCFC Blend A) ✑ FE-13 (HFC-23) ✑ Argon (IG55) or Argonite (IG01) ✑ Inergen (IG541) ✑ Low pressure water mists Incorrect Answers: B: Inergen is an EPA-approved replacement for Halon. Therefore, this answer is incorrect. C: FM-200 is an EPA-approved replacement for Halon. Therefore, this answer is incorrect. D: FE-13 is an EPA-approved replacement for Halon. Therefore, this answer is incorrect. References: , Wiley Publishing, Indianapolis, 2007, p. 464-465

Answer 116

Correct Answer: A Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information. The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications. Initially issued in 1983 by the National Computer Security Center (NCSC), an arm of the National Security Agency, and then updated in 1985. TCSEC was replaced by the Common Criteria international standard originally published in 2005. Incorrect Answers: B: The Information Technology Security Evaluation Criteria (ITSEC) was the first attempt at establishing a single standard for evaluating security attributes of computer systems and products by many European countries. This is not what is described in the question. C: The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a United States Department of Defense (DoD) process that means to ensure that companies and organizations apply risk management to information systems (IS). This is not what is described in the question. D: The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum-standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. This is not what is described in the question. References: https://en.wikipedia.org/wiki/Trusted_Computer_System

Answer 117

Correct Answer: C A difference between ITSEC and TCSEC is that TCSEC bundles functionality and assurance into one rating, whereas ITSEC evaluates these two attributes separately. The other differences are that ITSEC was developed to provide more flexibility than TCSEC, and ITSEC addresses integrity, availability, and confidentiality, whereas TCSEC addresses only confidentiality. ITSEC also addresses networked systems, whereas TCSEC deals with stand-alone systems. Incorrect Answers: A: Both ITSEC and TCSEC address confidentiality. B: Both ITSEC and TCSEC address confidentiality. D: One of the answers given is correct. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 401

Answer 118

Correct Answer: A A photoelectric sensor does not detect motion; it detects a break in a beam of light. A photoelectric system, or photometric system, detects the change in a light beam. These systems work like photoelectric smoke detectors, which emit a beam that hits the receiver. If this beam of light is interrupted, an alarm sounds. The beams emitted by the photoelectric cell can be cross-sectional and can be invisible or visible beams. Cross-sectional means that one area can have several different light beams extending across it, which is usually carried out by using hidden mirrors to bounce the beam from one place to another until it hits the light receiver. Incorrect Answers: B: A passive infrared system (PIR) identifies the changes of heat waves in an area it is configured to monitor. If the particles temperature within the air rises, it could be an indication of the presence of an intruder, so an alarm is sounded. A PIR is a type of motion detector. Therefore, this answer is incorrect. C: Wave-pattern motion detectors differ in the frequency of the waves they monitor. The different frequencies are microwave, ultrasonic, and low frequency. All of these devices generate a wave pattern that is sent over a sensitive area and reflected back to a receiver. If the pattern is returned undisturbed, the device does nothing. If the pattern returns altered because something in the room is moving, an alarm sounds. A Microwave Sensor is a type of motion detector. Therefore, this answer is incorrect. D: An Ultrasonic Sensor is an example of a wave-pattern motion detector. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 495

Answer 119

Correct Answer: C Low humidity of less than 40 percent increases the static electricity damage potential. A static charge of 4000 volts is possible under normal humidity conditions on a hardwood or vinyl floor, and charges up to 20,000 volts or more are possible under conditions of very low humidity with non-staticfree carpeting. Although you cannot control the weather, you certainly can control your relative humidity level in the computer room through your HVAC systems. The list below lists the damage various static electricity charges can do to computer hardware: ✑ 40 volts: Sensitive circuits and transistors ✑ 1,000 volts: Scramble monitor display ✑ 1,500 volts: Disk drive data loss ✑ 2,000 volts: System shutdown ✑ 4,000 volts: Printer Jam ✑ 17,000 volts: Permanent chip damage Incorrect Answers: A: 550 volts is not enough to cause disk drive data loss. Therefore, this answer is incorrect. B: 1000 volts is not enough to cause disk drive data loss. Therefore, this answer is incorrect. D: Only 1500 volts is enough to cause disk drive data loss, not 2000 volts. Therefore, this answer is incorrect. References: , Wiley Publishing, Indianapolis, 2007, p. 460

Answer 120

Correct Answer: B Federal Information Processing Standards (FIPS) is a standard for adoption and use by United States Federal departments and agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology (NIST), a part of the U.S. Department of Commerce. FIPS describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. The standards cover a specific topic in information technology (IT) and strive to achieve a common level of quality or interoperability. Incorrect Answers: A: The National Computer Security Center (NCSC) does not produce or publish the Federal Information Processing Standards (FIPS). C: The National Security Agency (NSA) does not produce or publish the Federal Information Processing Standards (FIPS). D: The American National Standards Institute (ANSI) does not produce or publish the Federal Information Processing Standards (FIPS). References" http://whatis.techtarget.com/definition/Federal-Information-Processing-Standards-FIPS

Answer 121

Correct Answer: A Halon is a gas that was widely used in the past to suppress fires because it interferes with the chemical combustion of the elements within a fire. It mixes quickly with the air and does not cause harm to computer systems and other data processing devices. It was used mainly in data centers and server rooms. It was discovered that halon has chemicals (chlorofluorocarbons) that deplete the ozone and that concentrations greater than 10 percent are dangerous to people. Halon used on extremely hot fires degrades into toxic chemicals, which is even more dangerous to humans. Halon has not been manufactured since January 1, 1992, by international agreement. The Montreal Protocol banned halon in 1987, and countries were given until 1992 to comply with these directives. The most effective replacement for halon is FM-200, which is similar to halon but does not damage the ozone. Incorrect Answers: B: CO2 suppresses fire by starving it of oxygen, not by disrupting a chemical reaction. Therefore, this answer is incorrect. C: Water suppresses fire by lowering the temperature of the fuel to below its ignition point or by dispersing the fuel, not by disrupting a chemical reaction. Therefore, this answer is incorrect. D: Soda acid fire extinguishers are CO2-based fire extinguishers. The soda and the acid react to produce CO2. CO2 suppresses fire by starving it of oxygen, not by disrupting a chemical reaction. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 473

Answer 122

Correct Answer: C Multilevel security properties can be expressed in many ways, one being noninterference. This concept is implemented to ensure any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level. This type of model does not concern itself with the flow of data, but rather with what a subject knows about the state of the system. So if an entity at a higher security level performs an action, it cannot change the state for the entity at the lower level. If a lower-level entity was aware of a certain activity that took place by an entity at a higher level and the state of the system changed for this lower-level entity, the entity might be able to deduce too much information about the activities of the higher state, which in turn is a way of leaking information. Users at a lower security level should not be aware of the commands executed by users at a higher level and should not be affected by those commands in any way. Incorrect Answers: A: The BellLaPadula model is a state machine model used for enforcing access control in government and military applications. This is not what is described in the question. B: The information flow model forms the basis of other models such as BellLaPadula or Biba. This is not what is described in the question. D: The Clark-Wilson model prevents unauthorized users from making modifications, prevents authorized users from making improper modifications, and maintains internal and external consistency through auditing. This is not what is described in the question. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 380

Answer 123

Correct Answer: D Multilevel security properties can be expressed in many ways, one being noninterference. This concept is implemented to ensure any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level. This type of model does not concern itself with the flow of data, but rather with what a subject knows about the state of the system. So if an entity at a higher security level performs an action, it cannot change the state for the entity at the lower level. If a lower-level entity was aware of a certain activity that took place by an entity at a higher level and the state of the system changed for this lower-level entity, the entity might be able to deduce too much information about the activities of the higher state, which in turn is a way of leaking information. Users at a lower security level should not be aware of the commands executed by users at a higher level and should not be affected by those commands in any way. Incorrect Answers: A: The information flow model does concern itself with the flow of data. B: The Biba model does concern itself with the flow of data. C: The Bell-LaPadula model does concern itself with the flow of data. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 380

Answer 124

Correct Answer: A Class C fire extinguishers are used for fires involving electrical equipment. Class C fires are electrical fires which that may occur in electrical equipment or wiring. Class C fire extinguishers use gas, CO2 or dry powders as these extinguishing agents are non-conductive. Of the answers given, CO2 is the preferred way to suppress an electrical fire in an information center. Incorrect Answers: B: Soda acid is corrosive. For this reason, it is not suitable for use in an information center. Therefore, this answer is incorrect. C: Soda acid is corrosive. For this reason, it is not suitable for use in an information center. Water is conductive which makes it unsuitable for electrical fires. Therefore, this answer is incorrect. D: ABC Rated Dry Chemical is corrosive. For this reason, it is not suitable for use in an information center. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 472 https://en.wikipedia.org/wiki/ABC_dry_chemical

Answer 125

Correct Answer: B B1: Labeled Security: Each data object must contain a classification label and each subject must have a clearance label. When a subject attempts to access an object, the system must compare the subjects and objects security labels to ensure the requested actions are acceptable. Data leaving the system must also contain an accurate security label. The security policy is based on an informal statement, and the design specifications are reviewed and verified. This security rating is intended for environments that require systems to handle classified data. Incorrect Answers: A: Security labels are not required at level C2. C: Security labels are required at level B2; however, they were introduced at level B1. D: Security labels are required at level B3; however, they were introduced at level B1. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 395

Answer 126

Correct Answer: C In the Orange Book, covert channels in operating systems are not addressed until security level B2 and above because these are the systems that would be holding data sensitive enough for others to go through all the necessary trouble to access data in this fashion. B2: Structured Protection: The security policy is clearly defined and documented, and the system design and implementation are subjected to more thorough review and testing procedures. This class requires more stringent authentication mechanisms and well-defined interfaces among layers. Subjects and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place, which means the subject communicates directly with the application or operating system, and no trapdoors exist. There is no way to circumvent or compromise this communication channel. Operator and administration functions are separated within the system to provide more trusted and protected operational functionality. Distinct address spaces must be provided to isolate processes, and a covert channel analysis is conducted. This class adds assurance by adding requirements to the design of the system. The type of environment that would require B2 systems is one that processes sensitive data that require a higher degree of security. This type of environment would require systems that are relatively resistant to penetration and compromise. Incorrect Answers: A: Level B2, not A1 is the FIRST to be concerned with covert channels. B: Level B2, not B3 is the FIRST to be concerned with covert channels. D: Level B2, not B1 is the FIRST to be concerned with covert channels. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 395-396

Answer 127

Correct Answer: B The TCSEC defines two kinds of covert channels: ✑ Storage channels - Communicate by modifying a "storage location" ✑ Timing channels - Perform operations that affect the "real response time observed" by the receiver The TCSEC, also known as the Orange Book, requires analysis of covert storage channels to be classified as a B2 system and analysis of covert timing channels is a requirement for class B3. Incorrect Answers: A: Level A1 requires a system to protect against covert timing channels. However, the lower level B3 also requires it. C: Level B2 does not require a system to protect against covert timing channels. D: Level B1 does not require a system to protect against covert timing channels. References: https://en.wikipedia.org/wiki/Covert_channel

Answer 128

Correct Answer: B The Bell-LaPadula model deals only with confidentiality, while the Biba and Clark-Wilson models deal only with integrity. The Clark-Wilson model addresses all three integrity goals: prevent unauthorized users from making modifications, prevent authorized users from making improper modifications, and maintain internal and external consistency. Incorrect Answers: A: The Clark-Wilson security model does not focus on confidentiality; it focuses on integrity. C: The Clark-Wilson security model does not focus on accountability; it focuses on integrity. D: The Clark-Wilson security model does not focus on availability; it focuses on integrity. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 414, 416

Answer 129

Correct Answer: C The Clark-Wilson security model uses division of operations into different parts and requires different users to perform each part. This is known as Separation of Duties. The Clark-Wilson model outlines how to incorporate separation of duties into the architecture of an application. If a customer needs to withdraw over $10,000, the application may require a supervisor to log in and authenticate this transaction. This is a countermeasure against potential fraudulent activities. The model provides the rules that the developers must follow to properly implement and enforce separation of duties through software procedures. Incorrect Answers: A: The Bell-LaPadula model does not use division of operations into different parts and require different users to perform each part. B: The Biba model does not use division of operations into different parts and require different users to perform each part. D: The Non-interference model does not use division of operations into different parts and require different users to perform each part. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 376

Answer 130

Correct Answer: D In the 1970s, the U.S. military used time-sharing mainframe systems and was concerned about the security of these systems and leakage of classified information. The Bell-LaPadula model was developed to address these concerns. It was the first mathematical model of a multilevel security policy used to define the concept of a secure state machine and modes of access, and outlined rules of access. Its development was funded by the U.S. government to provide a framework for computer systems that would be used to store and process sensitive information. The models main goal was to prevent secret information from being accessed in an unauthorized manner. A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. Incorrect Answers: A: The Clark-Wilson Model is an integrity model. This is not what is described in the question. B: The HRU security model (Harrison, Ruzzo, Ullman model) is an operating system level computer security model which deals with the integrity of access rights in the system. This is not what is described in the question. C: Rivest and Shamir is not a model. They created RSA cryptography. This is not what is described in the question. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 369

Answer 131

Correct Answer: C When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset that does not require a high level of protection, which is called an unconstrained data item (UDI). Users cannot modify critical data (CDI) directly. Instead, the subject (user) must be authenticated to a piece of software, and the software procedures (Transformation Procedures) will carry out the operations on behalf of the user. For example, when Kathy needs to update information held within her companys database, she will not be allowed to do so without a piece of software controlling these activities. First, Kathy must authenticate to a program, which is acting as a front end for the database, and then the program will control what Kathy can and cannot do to the information in the database. Incorrect Answers: A: The take-grant protection model is used to establish or disprove the safety of a given computer system that follows specific rules. This is not what is described in the question. B: The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. However, it does not define a constrained data item and a transformation procedure. C: The Bell-LaPadula model does not deal with integrity. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 374

Answer 132

Correct Answer: D A system is operating in a dedicated security mode if all users have a clearance for, and a formal need-to-know about, all data processed within the system. All users have been given formal access approval for all information on the system and have signed nondisclosure agreements (NDAs) pertaining to this information. The system can handle a single classification level of information. A system is operating in system high-security mode when all users have a security clearance to access the information but not necessarily a need-to-know for all the information processed on the system. So, unlike in the dedicated security mode, in which all users have a need-to-know pertaining to all data on the system, in system high-security mode, all users have a need-to-know pertaining to some of the data. This mode also requires all users to have the highest level of clearance required by any and all data on the system. However, even though a user has the necessary security clearance to access an object, the user may still be restricted if he does not have a need-to-know pertaining to that specific object. Incorrect Answers: A: The clearance required is not the difference between the two. All users have clearance in both systems. However, in high-security mode, access is further restricted by need-to-know. B: Object classification is not the difference between the two. The classification of objects can be the same or it can be different; however, high-security mode is further restricted by need-to-know. C: Subjects cannot access all objects is not the difference between the two. All subjects CAN access all objects providing they have the need-to-know. References: , 4th Edition, McGraw-Hill, New York, 2007, p. 387

Answer 133

Correct Answer: D The simple security rule states that a subject at a given security level cannot read data that reside at a higher security level. Simple Security Property is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information. The secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples is Polyinstantiation. Polyinstantiation enabled the false record to be created. Polyinstantiation enables a table that contains multiple tuples with the same primary keys, with each instance distinguished by a security level. When this information is inserted into a database, lower-level subjects must be restricted from it. Instead of just restricting access, another set of data is created to fool the lower-level subjects into thinking the information actually means something else. Incorrect Answers: A: The *-property rule (star property rule) states that a subject in a given security level cannot write information to a lower security level. This is not the access control model property that prevented APFEL from reading FIGCO's cargo information. Polymorphism takes place when different objects respond to the same command, input, or message in different ways. This is not the secure database technique used in this question. B: The strong star property rule, states that a subject that has read and write capabilities can only perform those functions at the same security level; nothing higher and nothing lower. So, for a subject to be able to read and write to an object, the clearance and classification must be equal. This is not the access control model property that prevented APFEL from reading FIGCO's cargo information. C: Polymorphism takes place when different objects respond to the same command, input, or message in different ways. This is not the secure database technique used in this question. References: , 4th Edition, McGraw-Hill, New York, 2007, pp. 370, 1186

Answer 134

Correct Answer: C The Clark-Wilson model enforces the three goals of integrity by using access triple (subject, software [TP], object), separation of duties, and auditing. This model enforces integrity by using well-formed transactions (through access triple) and separation of duties. When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset that does not require a high level of protection, which is called an unconstrained data item (UDI). Users cannot modify critical data (CDI) directly. Instead, the subject (user) must be authenticated to a piece of software, and the software procedures (TPs) will carry out the operations on behalf of the user. For example, when Kathy needs to update information held within her companys database, she will not be allowed to do so without a piece of software controlling these activities. First, Kathy must authenticate to a program, which is acting as a front end for the database, and then the program will control what Kathy can and cannot do to the information in the database. This is referred to as access triple: subject (user), program (TP), and object (CDI). A user cannot modify CDI without using a TP. The Clark-Wilson security model uses division of operations into different parts and requires different users to perform each part. This is known as Separation of Duties. The Clark-Wilson model outlines how to incorporate separation of duties into the architecture of an application. If a customer needs to withdraw over $10,000, the application may require a supervisor to log in and authenticate this transaction. This is a countermeasure against potential fraudulent activities. The model provides the rules that the developers must follow to properly implement and enforce separation of duties through software procedures. Incorrect Answers: A: DAC (Discretionary Access Control) is not a security model that uses an access control triple and requires separation of duty. B: Lattice-based access control model A mathematical model that allows a system to easily represent the different security levels and control access attempts based on those levels. It is not a security model that uses an access control triple and requires separation of duty. D: The BellLaPadula Model is a state machine model used for enforcing access control in government and military applications. It is not a security model that uses an access control triple and requires separation of duty. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 370-377

Answer 135

Correct Answer: A The Bell-LaPadula model focuses on preventing information from flowing from a high security level to a low security level. Information Flow Model deals with covert channels. Subjects can access files. Processes can access memory segments. When data are moved from the hard drives swap space into memory, information flows. Data are moved into and out of registers on a CPU. Data are moved into different cache memory storage devices. Data are written to the hard drive, thumb drive, CD-ROM drive, and so on. Properly controlling all of these ways of how information flows can be a very complex task. This is why the information flow model existsto help architects and developers make sure their software does not allow information to flow in a way that can put the system or data in danger. One way that the information flow model provides this type of protection is by ensuring that covert channels do not exist in the code. Incorrect Answers: B: The Bell LaPadula model on its own is not sufficient because it does not deal with the identification of covert channels. C: The Biba model is an integrity model. It will not prevent information from flowing from a high security level to a low security level or identify covert channels. D: The Information Flow model on its own is not sufficient because it will not prevent information from flowing from a high security level to a low security level. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 377-378

Answer 136

Correct Answer: B The Brewer and Nash model, also called the Chinese Wall model, was created to provide access controls that can change dynamically depending upon a users previous actions. The main goal of the model is to protect against conflicts of interest by users access attempts. Under the Brewer and Nash model, company sensitive information is categorized into mutually disjointed conflict-of-interest categories. If you have access to one set of data, you cannot access the other sets of data. Incorrect Answers: A: The Biba model deals with integrity. It does not use dynamically changing permissions. C: The Graham-Denning model shows how subjects and objects should be securely created and deleted. It also addresses how to assign specific access rights. It does not use dynamically changing permissions. D: The Clark-Wilson model deals with integrity. It does not use dynamically changing permissions. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 383

Answer 137

Correct Answer: A In terms of physical security, people are the last line of defense for your companys assets. If an intruder gets past the perimeter barriers, then the external barriers and finally the internal barriers, there are no more physical defenses remaining other than people in the facility. Incorrect Answers: B: Interior barriers are behind external barriers and perimeter barriers in terms of physical security. However, internal barriers are not the last line of defense; people are. Therefore, this answer is incorrect. C: Exterior barriers are between perimeter barriers and internal barriers in terms of physical security. Therefore, they are not the last line of defense so this answer is incorrect. D: Perimeter barriers are the first line of defense; not the last line of defense. Therefore, this answer is incorrect.

Answer 138

Correct Answer: B Environmental errors include utility failure, service outage, natural disasters, or neighboring hazards. Any issue with the environment in which a system is installed is known as an environmental error. Maintaining appropriate temperature and humidity is important in any facility, especially facilities with computer systems. Improper levels of either can cause damage to computers and electrical devices. High humidity can cause corrosion, and low humidity can cause excessive static electricity. This static electricity can short out devices, cause the loss of information, or provide amusing entertainment for unsuspecting employees. Lower temperatures can cause mechanisms to slow or stop, and higher temperatures can cause devices to use too much fan power and eventually shut down. Incorrect Answers: A: A configuration error is a problem caused by the configuration of the settings in a system, not the environment in which the system is installed. C: An access validation error is a problem caused a user not having the correct permissions or access rights to the system. An access validation error is not caused by the environment in which the system is installed. D: An exceptional condition handling error is a problem caused by the software code of the system, not the environment in which the system is installed. References: , 6th Edition, McGraw-Hill, 2013, p. 466

Answer 139

Correct Answer: A Secure European System for Applications in a Multi-vendor Environment (SESAME) was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support. Incorrect Answers: B: RADIUS is a network protocol that allows for client/server authentication and authorization, and audits remote users. It was not developed to address some of the weaknesses in Kerberos. C: KryptoKnight provides authentication and key distribution services to applications and communicating entities in a network environment. It was not developed to address some of the weaknesses in Kerberos. D: TACACS+ is a network protocol that allows for client/server authentication and authorization. It was not developed to address some of the weaknesses in Kerberos. References: , 6th Edition, McGraw-Hill, 2013, pp. 214, 234-236 http://www.eurecom.fr/~nsteam/Papers/kryptoknight.pdf

Answer 140

Correct Answer: D One drawback of security guards is that the cost of maintaining a guard function either internally or through an external service is expensive. With common physical security risk countermeasures such as door entry control systems or perimeter fencing, there is typically a one-off cost when the countermeasure is implemented. With security guards, you have the ongoing cost of paying the salary of the security guard. Incorrect Answers: A: Procedural controls consist of approved written policies, procedures, standards and guidelines. The cost of implement procedural controls is not more costly than the ongoing costs associated with security guards. Therefore, this answer is incorrect. B: Hardware Devices typically have a one-off cost when they are implemented and they may have a small cost for maintenance. However, this cost not more costly than the ongoing costs associated with security guards. Therefore, this answer is incorrect. C: Electronic Systems typically have a one-off cost when they are implemented and they may have a small cost for maintenance. However, this cost not more than the ongoing costs associated with security guards. Therefore, this answer is incorrect. References: , Wiley Publishing, Indianapolis, 2007, p. 535

Answer 141

Correct Answer: D Lucifer was adopted and modified by the U.S. National Security Agency (NSA) to establish the U.S. Data Encryption Standard (DES) in 1976. Incorrect Answers: A: Twofish is a symmetric block cipher, which was a candidate for being the basis of the Advanced Encryption Standard (AES). B: Skipjack is an algorithm that was used by Clipper Chip, which was used in the Escrowed Encryption Standard (EES). C: Brooks-Aldeman is not a valid algorithm. References: , 6th Edition, McGraw-Hill, 2013, pp. 764, 809 Question #87

Answer 142

Correct Answer: A With Electronic Code Book (ECB) Mode, a 64-bit data block is entered into the algorithm with a key, and a block of ciphertext is produced. The same block of ciphertext will always result from a given block of plaintext and a given key. Incorrect Answers: B: This option refers to Cipher Block Chaining (CBC). C: This option is not a characteristic of using the Electronic Code Book mode of DES encryption, as ECB allows for ciphertext to be produced from a given block of plaintext and a given key. D: This option refers to Cipher Block Chaining (CBC). References: , 6th Edition, McGraw-Hill, 2013, pp. 800-807

Answer 143

Correct Answer: B When information is encrypted using a public key, it can only be decrypted by using the associated private key. As the recipient is the only person with the private key, the recipient is the only person who can decrypt the message. This provides a form of authentication in that the recipient's identity can be positively verified by the sender. If the receiver replies to the message, the sender knows that the intended recipient received the message. References: , 6th Edition, McGraw-Hill, 2013, pp. 784-785

Answer 144

Correct Answer: C Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. An elliptic curve cryptosystem (ECC) provides much of the same functionality RSA provides: digital signatures, secure key distribution, and encryption. One differing factor is ECCs efficiency. ECC is more efficient than RSA and any other asymmetric algorithm. Some devices have limited processing capacity, storage, power supply, and bandwidth, such as wireless devices and cellular telephones. With these types of devices, efficiency of resource use is very important. ECC provides encryption functionality, requiring a smaller percentage of the resources compared to RSA and other algorithms, so it is used in these types of devices. In most cases, the longer the key, the more protection that is provided, but ECC can provide the same level of protection with a key size that is shorter than what RSA requires. Because longer keys require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of the device. Incorrect Answers: A: Elliptic Curve Cryptography (ECC) has a higher strength per bit of key length than RSA. B: Elliptic Curve Cryptography (ECC) has a higher strength per bit of key length than El Gamal. D: Elliptic Curve Cryptography (ECC) has a higher strength per bit of key length than AES. References: , 6th Edition, McGraw-Hill, 2013, pp. 818-819

Answer 145

Correct Answer: B A session key is a single-use symmetric key that is used to encrypt messages between two users during a communication session. If Tanya has a symmetric key she uses to always encrypt messages between Lance and herself, then this symmetric key would not be regenerated or changed. They would use the same key every time they communicated using encryption. However, using the same key repeatedly increases the chances of the key being captured and the secure communication being compromised. If, on the other hand, a new symmetric key were generated each time Lance and Tanya wanted to communicate, it would be used only during their one dialogue and then destroyed. If they wanted to communicate an hour later, a new session key would be created and shared. A session key provides more protection than static symmetric keys because it is valid for only one session between two computers. If an attacker were able to capture the session key, she would have a very small window of time to use it to try to decrypt messages being passed back and forth. Incorrect Answers: A: A strong encryption key offers no protection against brute force attacks. If the same key is always used, once an attacker obtains the key, he would be able to decrypt the data. C: It is not true that nothing can defend you against a brute force crypto key attack. Using a different key every time is a good defense. D: There are no algorithms that are immune to brute force key attacks. This is why it is a good idea to use a different key every time. References: , 6th Edition, McGraw-Hill, 2013, pp. 798-799

Answer 146

Correct Answer: C DES is a symmetric block encryption algorithm. When 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out. It is also a symmetric algorithm, meaning the same key is used for encryption and decryption. It uses a 64-bit key: 56 bits make up the true key, and 8 bits are used for parity. When the DES algorithm is applied to data, it divides the message into blocks and operates on them one at a time. The blocks are put through 16 rounds of transposition and substitution functions. The order and type of transposition and substitution functions depend on the value of the key used with the algorithm. The result is 64-bit blocks of ciphertext Incorrect Answers: A: When 64-bit blocks of plaintext go in, 64-bit blocks of encrypted data come out. B: DES uses a 64-bit key (not 128-bit): 56 bits make up the true key, and 8 bits are used for parity. D: DES uses 64-bit blocks, not 56-bit. References: , 6th Edition, McGraw-Hill, 2013, p. 801

Answer 147

Correct Answer: B Pretty Good Privacy (PGP) was designed by Phil Zimmerman as a freeware e-mail security program and was released in 1991. It was the first widespread public key encryption program. PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files. It can use RSA public key encryption for key management and use IDEA symmetric cipher for bulk encryption of data, although the user has the option of picking different types of algorithms for these functions. PGP can provide confidentiality by using the IDEA encryption algorithm, integrity by using the MD5 hashing algorithm, authentication by using the public key certificates, and nonrepudiation by using cryptographically signed messages. PGP uses its own type of digital certificates rather than what is used in PKI, but they both have similar purposes. Incorrect Answers: A: PGP uses a symmetric encryption algorithm, not an asymmetric encryption algorithm to encrypt data. C: PGP does not use a symmetric key distribution system to encrypt data. D: An X.509 digital certificate is used in asymmetric cryptography. PGP does not use asymmetric cryptography. References: , 6th Edition, McGraw-Hill, 2013, p. 850

Answer 148

Correct Answer: D "Risks" is not one of the three areas that the Physical Security domain focuses on. The Physical Security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprises resources and sensitive information. These resources include personnel, the facility in which they work, and the data, equipment, support systems, and media with which they work. Physical security often refers to the measures taken to protect systems, buildings, and their related supporting infrastructure against threats that are associated with the physical environment. Incorrect Answers: A: Threats is one of the three areas that the Physical Security domain focuses on. Therefore, this answer is incorrect. B: Countermeasures is one of the three areas that the Physical Security domain focuses on. Therefore, this answer is incorrect. C: Vulnerabilities is one of the three areas that the Physical Security domain focuses on. Therefore, this answer is incorrect. References: , Wiley Publishing, Indianapolis, 2007, p. 451

Answer 149

Correct Answer: A Julius Caesar (10044 B.C.) developed a simple method of shifting letters of the alphabet. He simply shifted the alphabet by three positions. Today, this technique seems too simplistic to be effective, but in the time of Julius Caesar, not very many people could read in the first place, so it provided a high level of protection. The Caesar cipher is an example of a monoalphabetic cipher. Once more people could read and reverse-engineer this type of encryption process, the cryptographers of that day increased the complexity by creating polyalphabetic ciphers. In the 16th century in France, Blaise de Vigenere developed a polyalphabetic substitution cipher for Henry III. This was based on the Caesar cipher, but it increased the difficulty of the encryption and decryption process Incorrect Answers: B: The Vigenere polyalphabetic cipher is based on the Caesar cipher, not the Jefferson disks. C: The Vigenere polyalphabetic cipher is based on the Caesar cipher, not Enigma. D: The Vigenere polyalphabetic cipher is based on the Caesar cipher, not SIGABA. References: , 6th Edition, McGraw-Hill, 2013, pp. 761-762

Answer 150

Correct Answer: A MD5 is a message digest algorithm that was developed by Ronald Rivest in 1991. MD5 takes a message of an arbitrary length and generates a 128-bit message digest. In MD5, the message is processed in 512-bit blocks in four distinct rounds. Incorrect Answers: B: MD5 generates a 128-bit message digest, not 160-bit. C: MD5 generates a 128-bit message digest, not 256-bit. D: MD5 generates a 128-bit message digest regardless of the message size. , John Wiley & Sons, New York, 2001, p. 153

Answer 151

Correct Answer: B When two computers (peers) use IPsec to communicate, they create two kinds of security associations. In the first, called main mode or phase one, the peers mutually authenticate themselves to each other, thus establishing trust between the computers. In the second, called quick mode or phase two, the peers will negotiate the particulars of the security association, including how they will digitally sign and encrypt traffic between them. Incorrect Answers: A: The phase in which peer authentication is performed is not known as the Pre Initialization Phase. C: Peer authentication is performed in phase 1, not phase 2. D: It is not true that no peer authentication is performed. References: https://technet.microsoft.com/en-us/library/cc512617.aspx

Answer 152

Correct Answer: A CHAP (Challenge Handshake Authentication Protocol) is not used within IKE and IPSec. Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication - either pre-shared or distributed using DNS and a DiffieHellman key exchange - to set up a shared session secret from which cryptographic keys are derived. IKE phase one's purpose is to establish a secure authenticated communication channel by using the DiffieHellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA). The authentication can be performed using either pre-shared key (shared secret), signatures, or public key encryption. Incorrect Answers: B: Pre-shared key is an authentication method that can be used within IKE and IPsec. C: Certificate-based authentication is an authentication method that can be used within IKE and IPsec. D: Public key authentication is an authentication method that can be used within IKE and IPsec. References: https://en.wikipedia.org/wiki/Internet_Key_Exchange

Answer 153

Correct Answer: B A pre-shared key is simply a string of characters known to both parties. When configuring a VPN using IPSec with pre-shared keys for authentication, the pre- shared key is entered into the configuration of the VPN device at each end of the VPN. it can use pre-shared keys. When using pre-shared keys, you do not need a PKI. Incorrect Answers: A: It is true that pre-shared key authentication is normally based on simple passwords. C: It is true that IKE is used to setup Security Associations. D: It is true that IKE builds upon the Oakley protocol and the ISAKMP protocol. References: https://en.wikipedia.org/wiki/Internet_Key_Exchange

Answer 154

Correct Answer: B Public key infrastructure (PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion. In other words, a PKI establishes a level of trust within an environment. PKI is an ISO authentication framework that uses public key cryptography and the X.509 standard. Each person who wants to participate in a PKI requires a digital certificate, which is a credential that contains the public key for that individual along with other identifying information. The certificate is created and signed (digital signature) by a trusted third party, which is a certificate authority (CA). The certificate authority (CA) is the entity that issues the certificates. CAs are often organized into hierarchies with the root CA at the top of the hierarchy and intermediate or subordinate CAs below the root. As the root CA is top of the tree, it is often referred to as the Top-Level CA. Incorrect Answers: A: A Subordinate CA is below the root or top-level CA. C: A Root CA is not known as a Big CA. D: A Root CA is not known as a Master CA. References: , 6th Edition, McGraw-Hill, 2013, p. 833

Answer 155

Correct Answer: A More and more organizations are setting up their own internal PKIs. When these independent PKIs need to interconnect to allow for secure communication to take place (either between departments or between different companies), there must be a way for the two root CAs to trust each other. The two CAs do not have a CA above them they can both trust, so they must carry out cross certification. A cross certification is the process undertaken by CAs to establish a trust relationship in which they rely upon each others digital certificates and public keys as if they had issued them themselves. When this is set up, a CA for one company can validate digital certificates from the other company and vice versa. Incorrect Answers: B: Building an overall PKI hierarchy is not the primary purpose of cross certification. Cross certification is used to create a trust between different PKIs or PKI hierarchies. C: Cross certification does not set up a direct trust to a second root CA; it creates trusts between two PKIs (this includes all CAs in each hierarchy). D: Preventing the nullification of user certificates by CA certificate revocation is not the purpose of cross certification. Certificate revocation should nullify user certificates or at least render them untrusted. References: , 6th Edition, McGraw-Hill, 2013, p. 835

Answer 156

Correct Answer: C Secure MIME (S/MIME) is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions. S/MIME extends the MIME standard by allowing for the encryption of e-mail and attachments. The encryption and hashing algorithms can be specified by the user of the mail package, instead of having it dictated to them. S/MIME follows the Public Key Cryptography Standards (PKCS). S/MIME provides confidentiality through encryption algorithms, integrity through hashing algorithms, authentication through the use of X.509 public key certificates, and nonrepudiation through cryptographically signed message digests. A user that sends a message with confidential information can keep the contents private while it travels to its destination by using message encryption. For message encryption, a symmetric algorithm (DES, 3DES, or in older implementations RC2) is used to encrypt the message data. The key used for this process is a one-time bulk key generated at the email client. The recipient of the encrypted message needs the same symmetric key to decrypt the data, so the key needs to be communicated to the recipient in a secure manner. To accomplish that, an asymmetric key algorithm (RSA or Diffie-Hellman) is used to encrypt and securely exchange the symmetric key. The key used for this part of the message encryption process is the recipients public key. When the recipient receives the encrypted message, he will use his private key to decrypt the symmetric key, which in turn is used to decrypt the message data. As you can see, this type of message encryption uses a hybrid system, which means it uses both symmetric and asymmetric algorithms. The reason for not using the public key system to encrypt the data directly is that it requires a lot of CPU resources; symmetric encryption is much faster than asymmetric encryption. Only the content of a message is encrypted; the header of the message is not encrypted so mail gateways can read addressing information and forward the message accordingly. Incorrect Answers: A: The S/MIME-standard does not use asymmetric encryption to encrypt the message; for message encryption, a symmetric algorithm is used. Asymmetric encryption is used to encrypt the symmetric key. B: The S/MIME-standard does not use a password based encryption scheme. D: The S/MIME-standard does not use Elliptic curve based encryption. References: , 6th Edition, McGraw-Hill, 2013, p. 850 http://www.techexams.net/technotes/securityplus/emailsecurity.shtml

Answer 157

Correct Answer: B Every entity (user, computer, application, network device) that has a certificate from a PKI trusts other entities with certificates issued by the same PKI because they all trust the root Certificate Authority (CA). This trust is ensured because every entity has a copy of the root CAs public certificate. If you want to change or renew the root CA certificate, to maintain the trust, the new certificate must be distributed to every entity that has a certificate from the PKI. Incorrect Answers: A: Renewing a root CA certificate does not require key recovery of all end user keys. C: Renewing a root CA certificate does not require the collection of the old root CA certificates from all the users; the root certificates will just be invalid because they will be out-of-date. D: Issuance of the new root CA certificate is not a problem; it is not a difficult procedure. The distribution of the certificate to all PKI participants is more of a challenge.

Answer 158

Correct Answer: A Critical areas should be lighted eight feet high and two feet out. The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, which is a unit that represents the illumination power of an individual light. Incorrect Answers: A: Critical areas should be lighted eight feet high and two feet out, not eight feet high and four feet out. Therefore, this answer is incorrect. B: Critical areas should be lighted eight feet high and two feet out, not ten feet high and four feet out. Therefore, this answer is incorrect. D: Critical areas should be lighted eight feet high and two feet out, not ten feet high and six feet out. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 1365

Answer 159

Correct Answer: A An X.509 certificate contains information about the identity to which a certificate is issued and the identity that issued it. Standard information in an X.509 certificate includes: ✑ Version which X.509 version applies to the certificate (which indicates what data the certificate must include) Serial number the identity creating the certificate must assign it a serial number that distinguishes it from other certificates ✑ Algorithm information the algorithm used by the issuer to sign the certificate ✑ Issuer distinguished name the name of the entity issuing the certificate ✑ Validity period of the certificate start/end date and time ✑ Subject distinguished name the name of the identity the certificate is issued to ✑ Subject public key information the public key associated with the identity ✑ Extensions (optional) Incorrect Answers: B: The telephone number of the department is not included in an X509 certificate. C: The secret key of the issuing CA is not included in an X509 certificate. The secret key is the private key which is never distributed. D: The key pair of the certificate holder is not included in an X509 certificate. A key pair includes a private key which is kept private. References: http://searchsecurity.techtarget.com/definition/X509-certificate

Answer 160

Correct Answer: C In cryptography, PKCS #1 is the first of a family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It provides the basic definitions of and recommendations for implementing the RSA algorithm for public-key cryptography. It defines the mathematical properties of public and private keys, primitive operations for encryption and signatures, secure cryptographic schemes, and related ASN.1 syntax representations. Incorrect Answers: A: PKCS #17799 is not a valid Public Key Cryptography Standard (PKCS) addressing RSA. B: PKCS-RSA is not a valid Public Key Cryptography Standard (PKCS) addressing RSA. D: PKCS#11 is not a valid Public Key Cryptography Standard (PKCS) addressing RSA. References: https://en.wikipedia.org/wiki/PKCS_1

Answer 161

Correct Answer: C The value of items to be protected can be determined by a critical-path analysis. The critical-path analysis lists all pieces of an environment and how they interact. Incorrect Answers: A: Critical-channel analysis is not the correct term for the analysis described in the question. Therefore, this answer is incorrect. B: A covert channel is a way for an entity to receive information in an unauthorized manner. Covert channel analysis is used to determine where covert channels exist. This is not the analysis described in the question. Therefore, this answer is incorrect. D: Critical-conduit analysis is not the correct term for the analysis described in the question. Therefore, this answer is incorrect.

Answer 162

Correct Answer: B A capacitance detector, emits a measurable magnetic field. The detector monitors this magnetic field, and an alarm sounds if the field is disrupted. These devices are usually used to protect specific objects (artwork, cabinets, or a safe) versus protecting a whole room or area. An electrostatic IDS creates an electrostatic magnetic field, which is just an electric field associated with static electric charges. All objects have a static electric charge. They are all made up of many subatomic particles, and when everything is stable and static, these particles constitute one holistic electric charge. This means there is a balance between the electric capacitance and inductance. Now, if an intruder enters the area, his subatomic particles will mess up this balance in the electrostatic field, causing a capacitance change, and an alarm will sound. Incorrect Answers: A: Wave pattern motion detectors are used overall room security monitoring. Therefore, this answer is incorrect. C: Field-powered devices are not intrusion detection devices. Field-powered device refers to a type of system-sensing proximity card. Therefore, this answer is incorrect. D: Audio detectors are used overall room security monitoring. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 496 , 6th Edition, McGraw-Hill, New York, 2013, p. 850 Question #133

Answer 163

Correct Answer: B A capacitance detector, emits a measurable magnetic field. The detector monitors this magnetic field, and an alarm sounds if the field is disrupted. These devices are usually used to protect specific objects (artwork, cabinets, or a safe) versus protecting a whole room or area. An electrostatic IDS creates an electrostatic magnetic field, which is just an electric field associated with static electric charges. All objects have a static electric charge. They are all made up of many subatomic particles, and when everything is stable and static, these particles constitute one holistic electric charge. This means there is a balance between the electric capacitance and inductance. Now, if an intruder enters the area, his subatomic particles will mess up this balance in the electrostatic field, causing a capacitance change, and an alarm will sound. Incorrect Answers: A: Wave pattern motion detectors are used overall room security monitoring. Therefore, this answer is incorrect. C: Field-powered devices are not intrusion detection devices. Field-powered device refers to a type of system-sensing proximity card. Therefore, this answer is incorrect. D: Audio detectors are used overall room security monitoring. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 496 , 6th Edition, McGraw-Hill, New York, 2013, p. 850

Answer 164

Correct Answer: C The Key Distribution Center (KDC) is the most important component within a Kerberos environment as it holds all users and services secret keys. Incorrect Answers: A: Key Distribution Service is not a valid Kerberos term. B: The authentication service is a part of the KDC that authenticates a principal. It does not hold all users' and services' cryptographic keys D: Key Granting Service is not a valid Kerberos term. References: , 6th Edition, McGraw-Hill, 2013, pp. 209-213

Answer 165

Correct Answer: C Public Key describes a system that uses certificates or the underlying public key cryptography on which the system is based. In the traditional public key model, clients are issued credentials or "certificates" by a Certificate Authority (CA). The CA is a trusted third party. Public key certificates contain the user's name, the expiration date of the certificate etc. The most common certificate format is X.509. Public key credentials in the form of certificates and public-private key pairs can provide a strong distributed authentication system. The Kerberos and public key trust models are very similar. A Kerberos ticket is analogous to a public key certificate (a Kerberos ticket is supplied to provide access to resources). However, Kerberos tickets usually have lifetimes measured in days or hours rather than months or years. Incorrect Answers: A: Kerberos tickets do not actually contain public keys. They use symmetric cryptography which uses one shared key instead of asymmetric cryptography which uses public-private key pairs. B: Kerberos tickets do not contain private keys. They use symmetric cryptography which uses one shared key instead of asymmetric cryptography which uses public-private key pairs. D: Private-key certificates are always kept by the authentication provider; they are never distributed to subjects that require access to resources. The public key is given to the subject to provide access to a resource in a similar way to a Kerberos ticket. References: , 5th Edition, Auerbach Publications, Boca Raton, 2006, p. 1438

Answer 166

Correct Answer: B Each person who wants to participate in a PKI requires a digital certificate, which is a credential that contains the public key for that individual along with other identifying information. The certificate is created and signed (digital signature) by a trusted third party, which is a certificate authority (CA). When the CA signs the certificate, it binds the individuals identity to the public key, and the CA takes liability for the authenticity of that individual. It is this trusted third party (the CA) that allows people who have never met to authenticate to each other and to communicate in a secure method. If Kevin has never met Dave but would like to communicate securely with him, and they both trust the same CA, then Kevin could retrieve Daves digital certificate and start the process. Incorrect Answers: A: A digital certificate is not the same as a digital signature proving Integrity and Authenticity of the data. A digital certificate binds a key to an identity. C: It is not true that you can only get a digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user; you can get a digital certificate from any CA. The CA needs to be trusted however for the certificate to be effective. The CA can be one of many public CAs or it can be part of a private PKI. D: A digital certificate can contain geography data such as country for example. References: , 6th Edition, McGraw-Hill, 2013, p. 834

Answer 167

Correct Answer: C The National Institute of Standards and Technology (NIST) issues the 140 Publication Series to coordinate the requirements and standards for cryptographic modules which include both hardware and software components for use by departments and agencies of the United States federal government. FIPS 140 does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure. The requirements cover not only the cryptographic modules themselves but also their documentation and (at the highest security level) some aspects of the comments contained in the source code. Incorrect Answers: A: FIPS-140 is not a standard for cryptographic service providers. B: FIPS-140 is not a standard for smartcards. D: FIPS-140 is not a standard for hardware security modules. References: https://en.wikipedia.org/wiki/FIPS_140

Answer 168

Correct Answer: C Occasionally, a certificate authority needs to revoke a certificate. This might occur for one of the following reasons: ✑ The certificate was compromised. ✑ The certificate was erroneously issued. ✑ The details of the certificate changed. ✑ The security association changed. The revocation request grace period is the maximum response time within which a CA will perform any requested revocation. This is defined in the certificate practice statement (CPS). The CPS states the practices a CA employs when issuing or managing certificates. Incorrect Answers: A: The revocation request grace period is not the period of time allotted within which the user must make a revocation request upon a revocation reason. B: The revocation request grace period is the maximum response time, not the minimum response time within which a CA will perform any requested revocation. D: The revocation request grace period is not the period of time between the arrival of a revocation request and the publication of the revocation information. Publication of a certificate revocation list does not always happen as soon as a certificate has been revoked.

Answer 169

Correct Answer: A A CA revocation mailing list is NOT a suitable method for distributing certificate revocation information. There are several mechanisms to represent revocation information; RFC 2459 defines one such method. This method involves each CA periodically issuing a signed data structure called a certificate revocation list (CRL). A CRL is a time stamped list identifying revoked certificates, which is signed by a CA and made freely available in a public repository. There are several types of CRLs: full CRLs (also known as base CRLs), delta CRLs, and CRL Distribution Points (CDPs). Full CRLs contain the status of all certificates. Delta CRLs contain only the status of all certificates that have changed status between the issuance the last Base CRL. CRL Distribution Point (CDP) is a certificate extension that indicates where the certificate revocation list for a CA can be retrieved. This extension can contain multiple HTTP, FTP, File or LDAP URLs for the retrieval of the CRL. Online Certificate Status Protocol (OCSP) is a protocol that allows real-time validation of a certificate's status by having the CryptoAPI make a call to an OCSP responder and the OCSP responder providing an immediate validation of the revocation status for the presented certificate. Typically, the OCSP responder uses CRLs for retrieving certificate status information. Incorrect Answers: B: A Delta CRL is a suitable method for distributing certificate revocation information. C: OCSP (online certificate status protocol) is a suitable method for distributing certificate revocation information. D: Distribution point CRL is a suitable method for distributing certificate revocation information. References: https://technet.microsoft.com/en-us/library/cc700843.aspx

Answer 170

Correct Answer: A Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. An elliptic curve cryptosystem (ECC) provides much of the same functionality RSA provides: digital signatures, secure key distribution, and encryption. One differing factor is ECCs efficiency. ECC is more efficient than RSA and any other asymmetric algorithm. Some devices have limited processing capacity, storage, power supply, and bandwidth, such as wireless devices and cellular telephones. With these types of devices, efficiency of resource use is very important. ECC provides encryption functionality, requiring a smaller percentage of the resources compared to RSA and other algorithms, so it is used in these types of devices. In most cases, the longer the key, the more protection that is provided, but ECC can provide the same level of protection with a key size that is shorter than what RSA requires. Because longer keys require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of the device. Incorrect Answers: B: RSA is less efficient than ECC which makes RSA less suited for communication with handheld wireless devices. C: SHA is a hashing algorithm; it is not an encryption algorithm suited for communication with handheld wireless devices. D: RC4 is a symmetric algorithm whereas ECC is asymmetric which makes ECC more suited for communication with handheld wireless devices. References: , 6th Edition, McGraw-Hill, 2013, pp. 818-819

Answer 171

Correct Answer: D Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols designed to provide communications security over a computer network. The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission. A message authentication code (MAC) is a short piece of information used to authenticate a messagein other words, to provide integrity and authenticity assurances on the message. Integrity assurances detect accidental and intentional message changes, while authenticity assurances affirm the message's origin. A MAC algorithm, sometimes called a keyed (cryptographic) hash function (however, cryptographic hash function is only one of the possible ways to generate MACs), accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content. Incorrect Answers: A: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message non-repudiation. B: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message confidentiality; it uses symmetric cryptography for that. C: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message interleave checking. References: https://en.wikipedia.org/wiki/Transport_Layer_Security https://en.wikipedia.org/wiki/Message_authentication_code

Answer 172

Correct Answer: A Digital signatures do not provide encryption. The purpose of digital signatures is to detect unauthorized modifications of data, and to authenticate the identity of the signatories and non-repudiation. These functions are accomplished by generating a block of data that is usually smaller than the size of the original data. This smaller block of data is bound to the original data and to the identity of the sender. This binding verifies the integrity of data and provides non-repudiation. To quote the National Institute Standards and Technology (NIST) Digital Signature Standard (DSS): Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature in proving to a third party that the signature was in fact generated by the signatory. Incorrect Answers: B: Digital signatures do provide integrity. C: The digital signature standard (DSS) as its name suggests is all about digital signatures. D: Digital signatures do provide authentication. References: , John Wiley & Sons, New York, 2001, p. 151

Answer 173

Correct Answer: B In cryptography, key clustering is said to occur when two different keys generate the same ciphertext from the same plaintext, using the same cipher algorithm. A good cipher algorithm, using different keys on the same plaintext, should generate a different ciphertext, irrespective of the key length. Incorrect Answers: A: Key collision is not the correct term to describe an instance of two different keys generating the same ciphertext from the same plaintext. C: Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. This is not what is described in the question. D: Ciphertext collision is not the correct term to describe an instance of two different keys generating the same ciphertext from the same plaintext. References: https://en.wikipedia.org/wiki/Key_clustering

Answer 174

Correct Answer: C With Link Encryption each entity has keys in common with its two neighboring nodes in the transmission chain. Thus, a node receives the encrypted message from its predecessor (the neighboring node), decrypts it, and then re-encrypts it with another key that is common to the successor node. Then, the encrypted message is sent on to the successor node where the process is repeated until the final destination is reached. Obviously, this mode does not provide protection if the nodes along the transmission path can be compromised. Incorrect Answers: A: It is not true that each entity has a common key with the destination node. Each entity has keys in common with only its two neighboring nodes. B: It is not true that encrypted messages are only decrypted by the final node. Every node in the chain (except the original sending node) decrypts the message. D: It is not true that only secure nodes are used in this type of transmission. The data is encrypted for security; the nodes themselves can be insecure. References: , John Wiley & Sons, New York, 2001, p. 126

Answer 175

Correct Answer: D In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner. In a typical public-key infrastructure (PKI) scheme, the signer is a certificate authority (CA), usually a company which charges customers to issue certificates for them. If you trust the Root CA, youll trust all certificates issued by the CA. All web browsers come with an extensive built-in list of trusted root certificates, many of which are controlled by organizations that may be unfamiliar to the user. The built-in list of trusted root certificates is a collection of Public Key certificates from the CAs. Incorrect Answers: A: The private key is always retained by the owner (in this case, a CA); it is never distributed. B: You would not find a symmetric key within a browser's list of trusted root CAs. C: You would not find a recovery key within a browser's list of trusted root CAs. References: https://en.wikipedia.org/wiki/Public_key_certificate

Answer 176

Correct Answer: A Electronic Code Book (ECB) works with blocks of data independently. As a result, data within a file does not have to be encrypted in a specific order. This is extremely accommodating when making use of encryption in databases. Incorrect Answers: B: Cipher Block Chaining (CBC) is mostly used for encrypting message data. C: Cipher Feedback (CFB) is mostly used for encrypting message data. D: Output Feedback (OFB) is used for encrypting digitized video or voice signals. References: , 6th Edition, McGraw-Hill, 2013, pp. 800-807

Answer 177

Correct Answer: C Advanced Encryption Standard (AES) is a block symmetric cipher that makes use of 128-bit block sizes and various key lengths. Incorrect Answers: A, B, & D: Elliptic curve cryptosystem (ECC), Diffie-Hellman, and Merkle-Hellman Knapsack are asymmetric key algorithms. References: , 6th Edition, McGraw-Hill, 2013, pp. 811, 815

Answer 178

Correct Answer: A The Trusted Platform Module (TPM) is a microchip installed on the motherboard of modern computers. TPM is dedicated to executing security functions that include the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates. Incorrect Answers: B: Trusted BIOS Module is not a valid term. C: A central processing unit (CPU) is the electronic circuitry within a computer that carries out the instructions of a computer program by executing the basic arithmetic, logical, control and input/output (I/O) operations detailed by the instructions. D: An arithmetic logic unit (ALU) refers to a digital electronic circuit that executes arithmetic and bitwise logical operations on integer binary numbers. References: , 6th Edition, McGraw-Hill, 2013, pp. 843 https://en.wikipedia.org/wiki/Central_processing_unit https://en.wikipedia.org/wiki/Arithmetic_logic_unit

Answer 179

Correct Answer: C The maximum key size is 256 bits, not 512 bits. Rijndael is a block symmetric cipher that was chosen to fulfill the Advanced Encryption Standard. It uses a 128-bit block size and various key lengths (128, 192, 256). The Rijndael specification is specified with block and key sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits. Incorrect Answers: A: It is true that the key sizes must be a multiple of 32 bits. B: It is true that the maximum block size is 256 bits. D: It is true that the key size does not have to match the block size. References: http://searchsecurity.techtarget.com/definition/Rijndael https://en.wikipedia.org/wiki/Advanced_Encryption_Standard , John Wiley & Sons, New York, 2001, p. 145

Answer 180

Correct Answer: C This option is incorrect because the block sizes supported by Rijndael are 128, 192, and 256 bits. Incorrect Answers: A: Rijndael is a substitution linear transformation cipher that uses triple discreet invertible uniform transformations. B, D: The Advanced Encryption Standard (AES), also known as Rijndael, performs well on a wide variety of hardware. Hardware ranges from 8-bit smart cards to high-performance computers. References: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard http://searchsecurity.techtarget.com/definition/Rijndael

Answer 181

Correct Answer: C Support for two pairs of public-private keys is a fundamental requirement for some PKIs. One key pair is for data encryption and the other key pair is for digitally signing documents. When digitally signing a message for non-repudiation, the private key is used. The public key (with the key usage attribute "non-repudiation") associated with the private key is used to verify the signed messages. Incorrect Answers: A: An X.509 public key certificate with the key usage attribute "non-repudiation" cannot be used for encrypting messages. B: When digitally signing a message for non-repudiation, the private key is used, not the public key. D: An X.509 public key certificate with the key usage attribute "non-repudiation" cannot be used for decrypting messages. References: https://docs.oracle.com/cd/E13215_01/wlibc/docs81/admin/certificates.html

Answer 182

Correct Answer: A The certification path validation algorithm is the algorithm which verifies that a given certificate path is valid under a given public key infrastructure (PKI). A path starts with the Subject certificate and proceeds through a number of intermediate certificates up to a trusted root certificate, typically issued by a trusted Certification Authority (CA). Path validation is necessary for a relying party to make an informed trust decision when presented with any certificate that is not already explicitly trusted. For example, in a hierarchical PKI, a certificate chain starting with a web server certificate might lead to a small CA, then to an intermediate CA, then to a large CA whose trust anchor is present in the relying party's web browser. Incorrect Answers: B: Certificate path validation is not verification of the integrity of the associated root certificate. C: Certificate path validation is not verification of the integrity of the concerned private key. D: Certificate path validation is not verification of the revocation status of the concerned certificate; this is a Certificate Revocation Check. References: https://en.wikipedia.org/wiki/Certification_path_validation_algorithm

Answer 183

Correct Answer: C ROT13 was an encryption method that is similar to Caesar cipher, but instead of shifting 3 spaces in the alphabet it shifted 13 spaces. Incorrect Answers: A: Caesar cipher shifts three spaces. B: A polyalphabetic cipher makes use of more than one alphabet. D: Transposition cyphers moves the original values around. References: , 6th Edition, McGraw-Hill, 2013, pp. 762, 774, 778

Answer 184

``` Correct Answer: A MD5 generates a 128-bit hash. Incorrect Options: B: SHA generates a 160-bit hash value. C: SHA-256 generates a 256-bit value. D: MD5 generates a 128-bit, not a 128 byte, hash. Reference: , 6th Edition, McGraw-Hill, 2013, pp. 826, 827 ```

Answer 185

Correct Answer: A Message Authentication Code (MAC) is a keyed cryptographic hash function that is used for data integrity and data origin authentication. Incorrect Answers: B: A pluggable authentication module (PAM) is used to integrate multiple low-level authentication schemes into a high-level application programming interface (API). C: A Negative Acknowledgement Message is a protocol message that is sent in many communications protocols to negatively acknowledge or reject a previously received message, or to show some kind of error. D: Digital Signature Certificate is an invalid term. Digital signatures and digital certificates are two different security measures. References: , 6th Edition, McGraw-Hill, 2013, pp. 832 https://en.wikipedia.org/wiki/Pluggable_authentication_module https://en.wikipedia.org/wiki/NAK_(protocol_message) http://searchsecurity.techtarget.com/answer/The-difference-between-a-digital-signature-and-digital-certificate

Answer 186

Correct Answer: A The Trusted Platform Module (TPM) is a microchip installed on the motherboard of modern computers. TPM is dedicated to executing security functions that include the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates. Incorrect Answers: B: Trusted Procedure Module is not a valid term. C: A smart card is not located on the motherboard of a computer. D: The Enigma machines were a series of electro-mechanical rotor cipher machines developed and used to protect commercial, diplomatic and military communication. References: , 6th Edition, McGraw-Hill, 2013, pp. 200, 201, 843 https://en.wikipedia.org/wiki/Enigma_machine

Answer 187

Correct Answer: B A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream. Since encryption of each digit is dependent on the current state of the cipher, so it is also known as state cipher. In practice, a digit is typically a bit and the combining operation an exclusive-or (XOR). The pseudorandom keystream is typically generated serially from a random seed value using digital shift registers. The seed value serves as the cryptographic key for decrypting the ciphertext stream. Stream ciphers typically execute at a higher speed than block ciphers and have lower hardware complexity. However, stream ciphers can be susceptible to serious security problems if used incorrectly; in particular, the same starting state (seed) must never be used twice. Incorrect Answers: A: A stream cipher is not a type of asymmetric encryption algorithm; it is a symmetric key cipher. C: A stream cipher is not slower than a block cipher; it is faster. D: Stream ciphers require a lot of randomness and encrypt individual bits at a time. This requires more processing power than block ciphers require, which is why stream ciphers are better suited to be implemented at the hardware level. References: https://en.wikipedia.org/wiki/Stream_cipher

Answer 188

Correct Answer: C It is not true that plain text is encrypted with a public key and decrypted with a private key with a block cipher. Block ciphers use symmetric keys. In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key. Block ciphers are important elementary components in the design of many cryptographic protocols, and are widely used to implement encryption of bulk data. Stream ciphers represent a different approach to symmetric encryption from block ciphers. Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. This distinction is not always clear-cut: in some modes of operation, a block cipher primitive is used in such a way that it acts effectively as a stream cipher. Incorrect Answers: A: It is true that a block cipher operates on fixed-size blocks of plaintext. B: Stream ciphers require a lot of randomness and encrypt individual bits at a time. This requires more processing power than block ciphers require, which is why stream ciphers are better suited to be implemented at the hardware level. Because block ciphers do not require as much processing power, they can be easily implemented at the software level. D: It is true that some Block ciphers can operate internally as a stream. References: https://en.wikipedia.org/wiki/Block_cipher https://en.wikipedia.org/wiki/Stream_cipher

Answer 189

Correct Answer: B Cryptography can prevent unauthorized users from being able to read or modify the data. However, it cannot prevent someone deleting the encrypted data. Modern cryptography concerns itself with the following four objectives: 1. Confidentiality (the information cannot be understood by anyone for whom it was unintended) 2. Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected) 3. Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information) 4. Authentication (the sender and receiver can confirm each others identity and the origin/destination of the information. Incorrect Answers: A: Integrity means that the information cannot be altered in storage or transit. This also means that the data is protected against fraudulent insertion. C: Integrity means that the information cannot be altered in storage or transit. This also means that the data is protected against fraudulent modification. D: Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. References: http://searchsoftwarequality.techtarget.com/definition/cryptography , 6th Edition, McGraw-Hill, 2013, p. 24

Answer 190

Correct Answer: A The CA is responsible for creating and handing out certificates, maintaining them, and revoking them if necessary. Revocation is handled by the CA, and the revoked certificate information is stored on a certificate revocation list (CRL). This is a list of every certificate that has been revoked. This list is maintained and updated periodically. Online Certificate Status Protocol (OCSP) is being used more and more rather than the cumbersome CRL approach. When using just a CRL, the users browser must either check a central CRL to find out if the certification has been revoked or the CA has to continually push out CRL values to the clients to ensure they have an updated CRL. If OCSP is implemented, it does this work automatically in the background. It carries out real-time validation of a certificate and reports back to the user whether the certificate is valid, invalid, or unknown. OCSP checks the CRL that is maintained by the CA. So the CRL is still being used, but now we have a protocol developed specifically to check the CRL during a certificate validation process. Incorrect Answers: B: The OCSP (Online Certificate Status Protocol) is not a proprietary certificate mechanism developed by Microsoft; it is an open standard. C: The OCSP (Online Certificate Status Protocol) is not used only by Active Directory. D: The OCSP (Online Certificate Status Protocol) is not a way to check the attributes of a certificate; it is a way to check the revocation status of a certificate. References: , 6th Edition, McGraw-Hill, 2013, pp. 836-837

Answer 191

Correct Answer: B A polyalphabetic cipher makes use of more than one alphabet to conquer frequency analysis. Incorrect Answers: A, C: Substitution and transposition ciphers are susceptible to attacks that perform frequency analysis. D: The Ceasar Cipher is a type of substitution cipher. References: , 6th Edition, McGraw-Hill, 2013, pp. 780, 781, 871

Answer 192

Correct Answer: C Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences, and so forth. For example, the word "OCELOT" might be the ciphertext for the entire phrase "TURN LEFT 90 DEGREES," the word "LOLLIPOP" might be the ciphertext for "TURN RIGHT 90 DEGREES". Codes are only useful for specialized circumstances where the message to transmit has an already defined equivalent ciphertext word. Incorrect Answers: A: A code is not a generic term for encryption. B: A code is not specific to substitution ciphers. D: A code is not a specific to transposition ciphers. References: https://www.cs.duke.edu/courses/fall02/cps182s/readings/APPLYC1.pdf

Answer 193

Correct Answer: C Signature-based MAC (SMAC) is not a known type of Message Authentication Code (MAC). Message authentication code is a cryptographic function that uses a hashing algorithm and symmetric key for data integrity and system origin functions. A keyed-hash message authentication code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. A cipher block chaining message authentication code (CBC-MAC) is a technique for constructing a message authentication code from a block cipher. The message is encrypted with some block cipher algorithm in CBC mode to create a chain of blocks such that each block depends on the proper encryption of the previous block. A message authentication code based on universal hashing, or UMAC, is a type of message authentication code (MAC) calculated choosing a hash function from a class of hash functions according to some secret (random) process and applying it to the message. Incorrect Answers: A: Keyed-hash message authentication code (HMAC) is a known type of Message Authentication Code (MAC). B: DES-CBC is a known type of Message Authentication Code (MAC). D: Universal Hashing Based MAC (UMAC) is a known type of Message Authentication Code (MAC). References: https://en.wikipedia.org/wiki/UMAC https://en.wikipedia.org/wiki/Hash-based_message_authentication_code https://en.wikipedia.org/wiki/CBC-MAC

Answer 194

Correct Answer: D RC5 is a block cipher that has a variety of parameters it can use for block size, key size, and the number of rounds used. It was created by Ron Rivest and analyzed by RSA Data Security, Inc. The block sizes used in this algorithm are 32, 64, or 128 bits, and the key size goes up to 2,048 bits. The number of rounds used for encryption and decryption is also variable. The number of rounds can go up to 255. Incorrect Answers: A: The maximum key size for the RC5 algorithm is 2048 bits, not 128 bits. B: The maximum key size for the RC5 algorithm is 2048 bits, not 256 bits. C: The maximum key size for the RC5 algorithm is 2048 bits, not 1024 bits. References: , 6th Edition, McGraw-Hill, 2013, p. 810

Answer 195

Correct Answer: B RC4 is one of the most commonly implemented stream ciphers. Incorrect Answers: A, C, & D: RC2, RC5and RC6 are block ciphers. References: , 6th Edition, McGraw-Hill, 2013, p. 810 https://en.wikipedia.org/wiki/RC2

Answer 196

Correct Answer: A This is a tricky question. The client generates the "pre-master" secret. See step 4 of the process below. However, the master secret that will be used as a seed to generate the symmetric keys is generated (from the pre-master secret) by both the client and server. See step 6 below. The steps involved in the SSL handshake are as follows (note that the following steps assume the use of the cipher suites listed in Cipher Suites with RSA Key Exchange: Triple DES, RC4, RC2, DES): 1. The client sends the server the client's SSL version number, cipher settings, session-specific data, and other information that the server needs to communicate with the client using SSL. 2. The server sends the client the server's SSL version number, cipher settings, session-specific data, and other information that the client needs to communicate with the server over SSL. The server also sends its own certificate, and if the client is requesting a server resource that requires client authentication, the server requests the client's certificate. 3. The client uses the information sent by the server to authenticate the server (see Server Authentication for details). If the server cannot be authenticated, the user is warned of the problem and informed that an encrypted and authenticated connection cannot be established. If the server can be successfully authenticated, the client proceeds to step 4. 4. Using all data generated in the handshake thus far, the client (with the cooperation of the server, depending on the cipher being used) creates the pre-master secret for the session, encrypts it with the server's public key (obtained from the server's certificate, sent in step 2), and then sends the encrypted pre-master secret to the server. 5. If the server has requested client authentication (an optional step in the handshake), the client also signs another piece of data that is unique to this handshake and known by both the client and server. In this case, the client sends both the signed data and the client's own certificate to the server along with the encrypted pre-master secret. 6. If the server has requested client authentication, the server attempts to authenticate the client (see Client Authentication for details). If the client cannot be authenticated, the session ends. If the client can be successfully authenticated, the server uses its private key to decrypt the pre-master secret, and then performs a series of steps (which the client also performs, starting from the same pre-master secret) to generate the master secret. 7. Both the client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session and to verify its integrity (that is, to detect any changes in the data between the time it was sent and the time it is received over the SSL connection). 8. The client sends a message to the server informing it that future messages from the client will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the client portion of the handshake is finished. 9. The server sends a message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the server portion of the handshake is finished. 10. The SSL handshake is now complete and the session begins. The client and the server use the session keys to encrypt and decrypt the data they send to each other and to validate its integrity. 11. This is the normal operation condition of the secure channel. At any time, due to internal or external stimulus (either automation or user intervention), either side may renegotiate the connection, in which case, the process repeats itself. Incorrect Answers: B: The client generates the "pre-master" secret, not the "master secret". The master secret that will be used as a seed to generate the symmetric keys is generated (from the pre-master secret) by both the client and server. C: The master certificate is not generated by the web server alone; the client also generates the master secret. D: The merchant's Certificate Server does not generate the master secret. References: https://support.microsoft.com/en-us/kb/257591

Answer 197

Correct Answer: C Blowfish is a block cipher that works on 64-bit blocks of data. The key length can be anywhere from 32 bits up to 448 bits, and the data blocks go through 16 rounds of cryptographic functions. It was intended as a replacement to the aging DES. While many of the other algorithms have been proprietary and thus encumbered by patents or kept as government secrets, this wasn’t the case with Blowfish. Bruce Schneier, the creator of Blowfish, has stated, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone." Incorrect Answers: A: RC2 was designed to be a proprietary encryption algorithm. B: RC4 was designed to be a proprietary encryption algorithm. D: Skipjack was designed to be a proprietary encryption algorithm. References: , 6th Edition, McGraw-Hill, 2013, p. 810

Answer 198

Correct Answer: D The Clipper Chip made use of the Skipjack algorithm, which is a symmetric cipher that uses an 80-bit key. Incorrect Answers: A: RC4 is able to use key sizes ranging from 40 bits to 256 bits. B: DES makes use of a 64-bit key, of which 56 bits make up the true key, and 8 bits are used for parity. C: DES makes use of a 64-bit key, of which 56 bits make up the true key, and 8 bits are used for parity. References: , 6th Edition, McGraw-Hill, 2013, pp. 800-802,

Answer 199

Correct Answer: B SHA-1 is a hashing algorithm. Incorrect Answers: A: Skipjack is an algorithm used for encryption. C: Twofish is a symmetric block cipher that is used for encryption. D: DEA is the algorithm that fulfills DES, which provides encryption. References: , 6th Edition, McGraw-Hill, 2013, p. 800, 831 https://en.wikipedia.org/wiki/Skipjack_(cipher)

Answer 200

Correct Answer: B The concealment cipher is a symmetric key, transposition cipher where the words or characters of the plaintext message are embedded in a page of words or characters at a consistent interval. Incorrect Answers: A: Transposition cyphers moves the original values around. C: The substitution cipher substitutes bits, characters, or blocks of characters with different bits, characters, or blocks. D: Steganography is a technique used to hide data in another media type so that the presence of the data is masked. Reference: , OReilly Media, 2013, California, p. 156 , 6th Edition, McGraw-Hill, 2013, pp. 774, 777

Answer 201

Correct Answer: B AH provides authentication and integrity, and ESP can provide those two functions and confidentiality. Why even bother with AH then? In most cases, the reason has to do with whether the environment is using network address translation (NAT). IPSec will generate an integrity check value (ICV), which is really the same thing as a MAC value, over a portion of the packet. Remember that the sender and receiver generate their own integrity values. In IPSec, it is called an ICV value. The receiver compares her ICV value with the one sent by the sender. If the values match, the receiver can be assured the packet has not been modified during transmission. If the values are different, the packet has been altered and the receiver discards the packet. The AH protocol calculates this ICV over the data payload, transport, and network headers. If the packet then goes through a NAT device, the NAT device changes the IP address of the packet. That is its job. This means a portion of the data (network header) that was included to calculate the ICV value has now changed, and the receiver will generate an ICV value that is different from the one sent with the packet, which means the packet will be discarded automatically. The ESP protocol follows similar steps, except it does not include the network header portion when calculating its ICV value. When the NAT device changes the IP address, it will not affect the receivers ICV value because it does not include the network header when calculating the ICV. Incorrect Answers: A: The key session exchange does not affect the use of AH and its Integrity Check Value. C: The VPN cryptographic key size does not affect the use of AH and its Integrity Check Value. D: The crypotographic algorithm used does not affect the use of AH and its Integrity Check Value. , 6th Edition, McGraw-Hill, 2013, pp. 862-863

Answer 202

Correct Answer: C IPSec (Internet Protocol Security) is a standard that provides encryption, access control, non-repudiation, and authentication of messages over an IP network. SSH (Secure Shell) is a set of protocols that are primarily used for remote access over a network by establishing an encrypted tunnel between an SSH client and an SSH server. SSL (Secure Sockets Layer) is an encryption technology that is used to provide secure transactions such as the exchange of credit card numbers. SSL is a socket layer security protocol and is a two-layered protocol that contains the SSL Record Protocol and the SSL Handshake Protocol. Similar to SSH, SSL uses symmetric encryption for private connections and asymmetric or public key cryptography for peer authentication. Incorrect Answers: A: MPLS (Multiprotocol Label Switching) is a WAN technology that does not provide encryption. L2F (Layer 2 Forwarding Protocol) is a tunneling protocol that does not provide encryption by itself. L2TP (Layer 2 Tunneling Protocol) is also a tunneling protocol that does not provide encryption by itself. B: TFTP (Trivial File Transfer Protocol) is used for transferring files. TFTP does not provide encryption. D: MPLS (Multiprotocol Label Switching) is a WAN technology that does not provide encryption. L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol that does not provide encryption by itself. References: , John Wiley & Sons, New York, 2001, p. 86

Answer 203

Correct Answer: B International Data Encryption Algorithm (IDEA) is a block cipher that operates on 64-bit blocks of data, which is divided into 16 smaller blocks, with eight rounds of mathematical functions performed on each to produce a key that is 128 bits long. Incorrect Answers: A: The block of data that the International Data Encryption Algorithm (IDEA) operates on is 64 bit in size. C: SHA produces a 160-bit hash value. D: Tiger produces a hash size of 192 bits. References: , 6th Edition, McGraw-Hill, 2013, pp. 809, 810,

Answer 204

Correct Answer: B The rules for keys and key management advise that the keys must be extremely random. It also states that the algorithm must make use of the full spectrum of the keyspace. Incorrect Answers: A, C, D: These options are included in the rules for keys and key management. References: , 6th Edition, McGraw-Hill, 2013, p. 842

Answer 205

Correct Answer: C Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the packets are also encrypted. The only traffic not encrypted in this technology is the data link control messaging information, which includes instructions and parameters that the different link devices use to synchronize communication methods. Link encryption provides protection against packet sniffers and eavesdroppers. Link encryption, which is sometimes called online encryption, is usually provided by service providers and is incorporated into network protocols. All of the information is encrypted, and the packets must be decrypted at each hop so the router, or other intermediate device, knows where to send the packet next. The router must decrypt the header portion of the packet, read the routing and address information within the header, and then re-encrypt it and send it on its way. Incorrect Answers: A: It is true that link encryption encrypts all the data along a specific communication path. B: It is true that link encryption provides protection against packet sniffers and eavesdroppers. C: It is true that user information, header, trailers, addresses and routing data that are part of the packets are encrypted. References: , 6th Edition, McGraw-Hill, 2013, p. 845-846

Answer 206

Correct Answer: A MQV (Menezes-Qu-Vanstone) is an authentication key agreement cryptography function very similar to Diffie-Hellman. The users public keys are exchanged to create session keys. It provides protection from an attacker figuring out the session key because she would need to have both users private keys. The MQV elliptic curve key agreement method is used to establish a shared secret between parties who already possess trusted copies of each others static public keys. Both parties still generate dynamic public and private keys and then exchange public keys. However, upon receipt of the other partys public key, each party calculates a quantity called an implicit signature using its own private key and the other partys public key. The shared secret is then generated from the implicit signature. The term implicit signature is used to indicate that the shared secrets do not agree if the other partys public key is not employed, thus giving implicit verification that the public secret is generated by the public party. An attempt at interception will fail as the shared secrets will not be the same shared secrets because the adversarys private key is not linked to the trusted public key. Incorrect Answers: B: DH (Diffie-Hellman) does not use implicit signatures. C: ECC (Elliptic Curve Cryptosystem) does not use implicit signatures. D: RSA does not use implicit signatures. References: , 6th Edition, McGraw-Hill, 2013, p. 815

Answer 207

Correct Answer: C Cryptology involves hiding data to make it unreadable by unauthorized parties. Keys are used to provide the encryption used in cryptology. However, cryptology itself is not concerned with the management of the keys used by the encryption algorithms. Modern cryptography concerns itself with the following four objectives: 1. Confidentiality (the information cannot be understood by anyone for whom it was unintended) 2. Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected) 3. Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information) 4. Authentication (the sender and receiver can confirm each others identity and the origin/destination of the information. Incorrect Answers: A: Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange. B: The Diffie-Hellman protocol is a key agreement protocol. D: Key Exchange Algorithm as its name suggests is used for the exchange of keys. References: http://searchsoftwarequality.techtarget.com/definition/cryptography

Answer 208

Correct Answer: C A message digest should be calculated using all of the original files data regardless of whether the original data is more or less than 128 bytes. The output of a hash function is called a message digest. The message digest is uniquely derived from the input file and, if the hash algorithm is strong, the message digest has the following characteristics: 1. The hash function is considered one-way because the original file cannot be created from the message digest. 2. Two files should not have the same message digest. 3. Given a file and its corresponding message digest, it should not be feasible to find another file with the same message digest. 4. The message digest should be calculated using all of the original files data. Incorrect Answers: A: It is true that the original file cannot be created from the message digest. B: It is true that two different files should not have the same message digest. D: It is true that message digests are usually of fixed size. References: , John Wiley & Sons, New York, 2001, p. 151-

Answer 209

Correct Answer: D Internet Key Exchange (IKE) is not included in a Public Key Infrastructure (PKI). IKE is a key management protocol used in IPSec. A PKI may be made up of the following entities and functions: ✑ Certification authority ✑ Registration authority ✑ Certificate repository ✑ Certificate revocation system ✑ Key backup and recovery system ✑ Automatic key update ✑ Management of key histories ✑ Timestamping ✑ Client-side software Incorrect Answers: A: Timestamping is included in a Public Key Infrastructure (PKI). B: Repository (certificate repository) is included in a Public Key Infrastructure (PKI). C: Certificate revocation is included in a Public Key Infrastructure (PKI). References: , 6th Edition, McGraw-Hill, 2013, p. 839

Answer 210

Correct Answer: B In order to protect against fraud in electronic fund transfers, the Message Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value, which is derived from the contents of the message itself, that is sensitive to the bit changes in a message. It is similar to a Cyclic Redundancy Check (CRC). A MAC is appended to the message before it is transmitted. At the receiving end, a MAC is generated from the received message and is compared to the MAC of an original message. A match indicates that the message was received without any modification occurring while en route. Incorrect Answers: A: A consortium including MasterCard and Visa developed SET in 1997 as a means of preventing fraud from occurring during electronic payments. SET provides confidentiality for purchases by encrypting the payment information. Thus, the seller cannot read this information. This is not what is described in the question. C: Cyclic redundancy checking is a method of checking for errors in data that has been transmitted on a communications link. A sending device applies a 16- or 32-bit polynomial to a block of data that is to be transmitted and appends the resulting cyclic redundancy code (CRC) to the block. This is not what is described in the question. D: The Secure Hash Standard (SHS) is a set of cryptographically secure hash algorithms specified by the National Institute of Standards and Technology (NIST). This is not what is described in the question. References: , John Wiley & Sons, New York, 2001, p. 160 https://en.wikipedia.org/wiki/Secure_Hash_Standard

Answer 211

Correct Answer: B The SSL protocol was developed by Netscape in 1994 to secure Internet client-server transactions. The SSL protocol authenticates the server to the client using public key cryptography and digital certificates. In addition, this protocol also provides for optional client to server authentication. It supports the use of RSA public key algorithms, IDEA, DES and 3DES private key algorithms, and the MD5 hash function. Web pages using the SSL protocol start with HTTPs. SSL 3.0 and its successor, the Transaction Layer Security (TLS) 1.0 protocol are de-facto standards, but they do not provide the end-to-end capabilities of SET. TLS implements confidentiality, authentication, and integrity above the Transport Layer, and it resides between the application and TCP layer. Thus, TLS, as with SSL, can be used with applications such as Telnet, FTP, HTTP, and email protocols. Both SSL and TLS use certificates for public key verification that are based on the X.509 standard. Incorrect Answers: A: It is true that the SSL protocol was developed by Netscape to secure Internet client-server transactions. C: It is true that Web pages using the SSL protocol start with HTTPS. D: It is true that SSL can be used with applications such as Telnet, FTP and email protocols. References: , John Wiley & Sons, New York, 2001, p. 160

Answer 212

Correct Answer: A Internet Key Exchange (IKE) is the protocol employed to establish a security association (SA) in the IPsec protocol suite. Incorrect Answers: B: Secure Key Exchange Mechanism allows different key distribution methods to be applied. C: OAKLEY is a key-agreement protocol that enables authenticated parties to exchange keying material via an insecure link by making use of the DiffieHellman key exchange algorithm. D: Internet Security Association and Key Management Protocol is a protocol defined for instituting Security Associations (SA) and cryptographic keys in an Internet environment. References: https://en.wikipedia.org/wiki/Internet_Key_Exchange , OReilly Media, 2013, California, p. 226 https://en.wikipedia.org/wiki/Oakley_protocol https://en.wikipedia.org/wiki/Internet_Security_Association_and_Key_Management_Protocol

Answer 213

Correct Answer: B A typical PKI consists of hardware, software, policies and standards to manage the creation, administration, distribution and revocation of keys and digital certificates. Digital certificates are at the heart of PKI as they affirm the identity of the certificate subject and bind that identity to the public key contained in the certificate. Incorrect Answers: A: A public-key certificate contains a public key. However, it is the PKI (in particular the certificate authority) that verifies the subjects identity and binds the subject name to the public key value. C: A secret key infrastructure is not a valid answer. A secret key can refer to a private key or more commonly to a shared key used in symmetric encryption. D: A private key (and its corresponding public key) is usually generated by a user or application. The public key is then validated and signed by a CA. A private key does not bind a subject name to a public key value. References: http://searchsecurity.techtarget.com/definition/PKI

Answer 214

Correct Answer: B The US American National Standards Institute (ANSI) X9 committee developed the concept of attribute certificate as a data structure that binds some attributes values with the identification information about its holder. According to RFC 2828 [24], an attribute certificate is "a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate. One of the advantages of attribute certificate is that it can be used for various other purposes. It may contain group membership, role clearance, or any other form of authorization. Incorrect Answers: A: An attribute certificate can be used to supplement a public-key certificate by storing additional information or attributes. However, an attribute certificate, not a public-key certificate is what is described in the question. C: A digital certificate is another name for a public key certificate. It is an electronic document used to prove ownership of a public key. This is not what is described in the question. D: A descriptive certificate is not a defined certificate type.

Answer 215

Correct Answer: C An Authority Revocation List (ARL) is a list of serial numbers for public key certificates issued to certificate authorities that have been revoked, and therefore should not be relied upon. Incorrect Answers: A: A certificate revocation list (CRL) is a list of serial numbers for certificates that have been revoked, and should therefore, no longer trust entities presenting them. B: A certificate revocation tree is a mechanism for distributing notices of certificate revocations, but is not supported in X.509. D: A list of untrusted certificates is known as an untrusted CTL. It does not contain revoked certificates, but untrusted ones. References: https://en.wikipedia.org/wiki/Revocation_list http://zvon.org/comp/r/ref-Security_Glossary.html#Terms~certificate_revocation_tree https://technet.microsoft.com/en-us/library/dn265983.aspx

Answer 216

Correct Answer: B A certification authority issues digital certificates that include a public key and the identity of the owner. The matching private key is not publicly available, but kept secret by the end user who created the key pair. The certificate is also a confirmation or validation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A certification authoritys duty in such schemes is to verify an applicant's credentials, so that users and relying parties are able to trust the information in the CA's certificates. Incorrect Answers: A: A registration authority (RA) confirms user requests for a digital certificate and informs the certificate authority (CA) to distribute it. C: An issuing authority does not vouch for the binding between the data items in a digital certificate. D: A vouching authority does not vouch for the binding between the data items in a digital certificate. References: https://en.wikipedia.org/wiki/Certificate_authority http://searchsecurity.techtarget.com/definition/registration-authority

Answer 217

Correct Answer: C Hybrid cryptography is the combined use of symmetric and asymmetric algorithms where the symmetric key encrypts data and an asymmetric key encrypts the symmetric key. A digital envelope is another term used to describe hybrid cryptography. When a message is encrypted with a symmetric key (secret key) and the symmetric key is encrypted with an asymmetric key, it is collectively known as a digital envelope. Incorrect Answers: A: A message that is encrypted and signed with a digital certificate is not the correct definition of a digital envelope. The message would have to be encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key to be a digital envelope. This answer does not specify what type of encryption is used. B: A message that is signed with a secret key and encrypted with the sender's private key is not the correct definition of a digital envelope. A private key is an asymmetric key. In a digital envelope, the message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key. D: A message that is encrypted with the recipient's public key and signed with the sender's private key is not the correct definition of a digital envelope. A public key is an asymmetric key. In a digital envelope, the message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key. References: , 6th Edition, McGraw-Hill, 2013, p. 811

Answer 218

Correct Answer: D A digital signature is a hash value that is encrypted with the senders private key. The hashing function guarantees the integrity of the message, while the signing of the hash value offers authentication and nonrepudiation. Incorrect Answers: A: When a message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key, it is collectively known as a digital envelope. B: A cryptographic hash can be used in digital signatures, but signatures are not part of the hash function. C: Message authentication code (MAC) is a keyed cryptographic hash function that is used for data integrity and data origin authentication. It does not, however, require a signature. References: , 6th Edition, McGraw-Hill, 2013, pp. 811, 829, 832 https://en.wikipedia.org/wiki/Cryptographic_hash_function

Answer 219

orrect Answer: C A foot-candle (fc) is an illuminance measurement equal to one lumen per square foot. The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, which is a unit that represents the illumination power of an individual light. Incorrect Answers: A: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, not nine feet high with at least three foot-candles. Therefore, this answer is incorrect. B: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, not eight feet high with at least three foot-candles. Therefore, this answer is incorrect. D: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, not nine feet high with at least two foot-candles. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 1365

Answer 220

Correct Answer: B ISAKMP defines actions and packet formats to establish, negotiate, modify and delete Security Associations. It is distinct from key exchange protocols with the intention of cleanly separating the details of security association management and key management from the details of key exchange. Incorrect Answers: A: The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection by making use of the DiffieHellman key exchange algorithm. C: Simple Key-management for Internet Protocols (SKIP) was a protocol developed by the IETF Security Working Group for the sharing of encryption keys. D: Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP. References: https://en.wikipedia.org/wiki/Internet_Security_Association_and_Key_Management_Protocol https://en.wikipedia.org/wiki/Oakley_protocol https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol , 6th Edition, McGraw-Hill, 2013, p. 863

Answer 221

Correct Answer: D The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection by making use of the DiffieHellman key exchange algorithm. It formed the basis for the more widely used Internet key exchange protocol. Incorrect Answers: A: The Diffie-Hellman algorithm proposed for IPsec is the Diffie-Hellman Key Exchange Protocol. B: Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP. It has not superseded ISAKMP. C: SKIP is a distribution protocol, not a key establishment protocol. References: , 6th Edition, McGraw-Hill, 2013, p. 863 https://en.wikipedia.org/wiki/Oakley_protocol https://en.wikipedia.org/wiki/DiffieHellman_key_exchange https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol

Answer 222

Correct Answer: A With IPsec, Key management can be dealt with manually or automatically via a key management protocol. The genuine standard for IPSec is to make use of Internet Key Exchange (IKE), which is a permutation of the ISAKMP and OAKLEY protocols. Incorrect Answers: B: Security Association Authentication Protocol(SAAP) is not a valid term. C: Simple Key-management for Internet Protocols (SKIP) was a protocol developed by the IETF Security Working Group for the sharing of encryption keys. D: Key Exchange Algorithm includes Diffie-Hellman and RSA, but is not based on OAKLEY. References: , 6th Edition, McGraw-Hill, 2013, p. 863 https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol https://technet.microsoft.com/en-us/library/cc962035.aspx

Answer 223

Correct Answer: B Simple Key-management for Internet Protocols (SKIP) was a protocol developed by the IETF Security Working Group for the sharing of encryption keys. It is a hybrid Key distribution protocol. Incorrect Answers: A: Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange. C: DiffieHellman key exchange (DH) is a specific method of securely exchanging cryptographic keys via a public channel D: Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP. References: , 6th Edition, McGraw-Hill, 2013, p. 863 https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol https://en.wikipedia.org/wiki/DiffieHellman_key_exchange

Answer 224

Correct Answer: C According to RFC 4949, key encapsulation is a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties called "recovery agents" can perform the decryption operation to retrieve the stored key. Key encapsulation typically permits direct retrieval of a secret key used to provide data confidentiality. Incorrect Answers: A: A key recovery technique for storing knowledge of a cryptographic key or parts thereof in the custody of one or more third parties called "escrow agents", so that the key can be recovered and used in specified circumstances. This is not what is described in the question. B: Fair cryptography is not a valid answer. D: Zero-knowledge recovery is not a valid answer. References: http://tools.ietf.org/html/rfc4949

Answer 225

Correct Answer: A In this question, the attacker is trying to obtain the key from several "some plaintext-ciphertext pairs". When the attacker has a copy of the plaintext corresponding to the ciphertext, this is known as a known-plaintext attack. Cryptanalysis is the act of obtaining the plaintext or key from the ciphertext. Cryptanalysis is used to obtain valuable information and to pass on altered or fake messages in order to deceive the original intended recipient. This attempt at "cracking" the cipher is also known as an attack. The following are example of some common attacks: ✑ Known Plaintext. The attacker has a copy of the plaintext corresponding to the ciphertext ✑ Chosen Ciphertext. Portions of the ciphertext are selected for trial decryption while having access to the corresponding decrypted plaintext ✑ Chosen Plaintext. Chosen plaintext is encrypted and the output ciphertext is obtained ✑ Ciphertext Only. Only the ciphertext is available Incorrect Answers: B: A known-algorithm attack is not a defined type of attack. C: With a Chosen-Ciphertext attack, the attacker has a copy of the plaintext corresponding to the ciphertext. This is not what is described in the question. D: With a chosen-plaintext attack, chosen plaintext is encrypted and the output ciphertext is obtained. This is not what is described in the question. References: , John Wiley & Sons, New York, 2001, p. 154

Answer 226

Correct Answer: B International Data Encryption Algorithm (IDEA) is a block cipher and operates on 64-bit blocks of data, which is divided into 16 smaller blocks, and each has eight rounds of mathematical functions performed on it. Incorrect Answers: A: This is the size of one of the smaller blocks. C: This is not a valid block size for block ciphers. D: This is incorrect as it is the initial size of the block. References: , 6th Edition, McGraw-Hill, 2013, pp. 809, 810

Answer 227

Correct Answer: A The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as computing in Galois fields, RSA is quite feasible for computer use. A Galois field is a finite field. Incorrect Answers: B: A finite field is not called a Gladden field. Gladden fields are not used in RSA. C: A finite field is not called a Gallipoli field. Gallipoli fields are not used in RSA. D: A finite field is not called a Galbraith field. Galbraith fields are not used in RSA.

Answer 228

Correct Answer: C It is false that both block size and key length can be extended to multiples of 64 bits; they can be extended in multiples of 32 bits. Rijndael is a block symmetric cipher that was chosen to fulfill the Advanced Encryption Standard. It uses a 128-bit block size and various key lengths (128, 192, 256). The Rijndael specification is specified with block and key sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits. Incorrect Answers: A: It is true that the design of Rijndael was strongly influenced by the design of the block cipher Square. B: It is true that a total of 25 combinations of key length and block length are possible. D: It is true that the cipher has a variable block length and key length. References: http://searchsecurity.techtarget.com/definition/Rijndael https://en.wikipedia.org/wiki/Advanced_Encryption_Standard , John Wiley & Sons, New York, 2001, p. 145

Answer 229

Correct Answer: A A chosen-ciphertext attack is one in which a cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext. This type of attack is generally most applicable to public-key cryptosystems. Incorrect Answers: B: A Ciphertext-Only attack is one which the cryptanalyst obtains a sample of ciphertext without the plaintext associated with it. This data is relatively easy to obtain in many scenarios, but a successful ciphertext-only attack is generally difficult and requires a very large ciphertext sample. This attack is not generally most applicable to public-key cryptosystems. C: Plaintext Only Attack it not a defined attack type. D: An Adaptive-Chosen-Plaintext attack is a special case of chosen-plaintext attack in which the cryptanalyst is able to choose plaintext samples dynamically and alter his or her choices based on the results of previous encryptions. This attack is not generally most applicable to public-key cryptosystems.

Answer 230

Correct Answer: B Cipher locks, also known as programmable locks, are keyless and use keypads to control access into an area or facility. The lock requires a specific combination to be entered into the keypad and possibly a swipe card. They cost more than traditional locks, but their combinations can be changed, specific combination sequence values can be locked out, and personnel who are in trouble or under duress can enter a specific code that will open the door and initiate a remote alarm at the same time. Thus, compared to traditional locks, cipher locks can provide a much higher level of security and control over who can access a facility. Incorrect Answers: A: A bolting door lock is not the name for the type of lock that uses a numeric keypad or dial to gain entry. Therefore, this answer is incorrect. C: Locks that use a numeric keypad or dial to gain entry are often electronic locks. However, they can also be mechanical (non-electronic) locks. Therefore, this answer is incorrect. D: Biometric door locks do not use a numeric keypad or dial to gain entry; they use biometric scanners such as fingerprint or retina scanners. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 480

Answer 231

Correct Answer: D In a dry pipe system, there is no water standing in the pipe it is being held back by a clapper valve. In the event of a fire, the valve opens, the air is blown out of the pipe, and the water flows. Incorrect Answers: A: The valve used in a dry pipe system is called a clapper valve, not a relief valve. Therefore, this answer is incorrect. B: The valve used in a dry pipe system is called a clapper valve, not an emergency valve. Therefore, this answer is incorrect. C: The valve used in a dry pipe system is called a clapper valve, not a release valve. Therefore, this answer is incorrect. References: , Wiley Publishing, Indianapolis, 2007, p. 463

Answer 232

Correct Answer: B The most prevalent cause of computer center fires is electrical distribution systems. Most computer circuits use only two to five volts of direct current, which usually cannot start a fire. If a fire does happen in a computer room, it will most likely be an electrical fire caused by overheating of wire insulation or by overheating components that ignite surrounding plastics. Prolonged smoke usually occurs before combustion. Incorrect Answers: A: AC equipment is not the most prevalent cause of computer center fires. Therefore, this answer is incorrect. C: Heating systems are not the most prevalent cause of computer center fires. Computer centers use cooling systems, not heating systems. Therefore, this answer is incorrect. D: Natural causes are not the most prevalent cause of computer center fires. Computer centers are typically protected against natural causes. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 469

Answer 233

Correct Answer: D Class C fires are electrical fires which that may occur in electrical equipment or wiring. Class C fire extinguishers use gas, CO2 or dry powders. These extinguishing agents are non-conductive. Class A fire extinguishers use water or foam. Water or foam used on an electrical fire would conduct the electricity and make the fire worse. Therefore, it is TRUE that water-based extinguishers are NOT an effective fire suppression method for class C (electrical) fires. Incorrect Answers: A: Halon is NOT the most common choice as far as agents are concerned. Halon is now known to be dangerous and no longer produced. Therefore, this answer is incorrect. B: Gas masks DO NOT provide an effective protection against use of CO2 systems. CO2 systems work by removing the oxygen from the air. Therefore, this answer is incorrect. C: CO2 systems ARE effective because they suppress the oxygen supply required to sustain the fire. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 472

Answer 234

Correct Answer: B Doorways with automatic locks can be configured to be fail-safe or fail-secure. A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked. Fail-safe deals directly with protecting people. If people work in an area and there is a fire or the power is lost, it is not a good idea to lock them in. A fail-secure configuration means that the doors default to being locked if there are any problems with the power. If people do not need to use specific doors for escape during an emergency, then these doors can most likely default to fail-secure settings. Incorrect Answers: A: The doorway should be configured to be fail-safe, not fail-secure. A fail-secure configuration could lock people in the building if a power disruption occurs that affects the automated locking system. Therefore, this answer is incorrect. C: A door delay cipher lock will sound an alarm if the door is held open for too long. This is not a requirement for a doorway of a manned facility. Therefore, this answer is incorrect. D: Piggybacking is when an individual gains unauthorized access by using someone elses legitimate credentials or access rights. Usually an individual just follows another person closely through a door without providing any credentials. It is not a requirement for a doorway of a manned facility to not allow piggybacking. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 451

Answer 235

Correct Answer: B System sensing access control readers, also called transponders, recognize the presence of an approaching object within a specific area. This type of system does not require the user to swipe the card through the reader. The reader sends out interrogating signals and obtains the access code from the card without the user having to do anything. Incorrect Answers: A: A passive system sensing device contains no battery or power on the card, but senses the electromagnetic field transmitted by the reader and transmits at different frequencies using the power field of the reader. This device does not send an access code. Therefore, this answer is incorrect. C: A swipe card requires the action from the user; the user has to swipe the card. Therefore, this answer is incorrect. D: A magnetic card requires the action from the user; the user has to swipe the card. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 484 , Wiley Publishing, Indianapolis, 2007, p. 471

Answer 236

Correct Answer: B The internal walls of your processing facility must be a floor to ceiling slab with a one-hour minimum fire rating. Any adjacent walls where records such as paper, media, etc. must have a two-hour minimum fire rating. There are different regulations that exist for external walls from state to state. Incorrect Answers: A: Walls to adjacent rooms where records such as paper and media are stored should have a two-hour minimum fire rating, not a one-hour fire rating. Therefore, this answer is incorrect. C: It is not necessary for all walls to have a two-hour minimum fire rating. Therefore, this answer is incorrect. D: It is not necessary for the internal walls to have a two-hour fire rating and it is not necessary for walls to adjacent rooms where records such as paper and media are stored should have a three-hour minimum fire rating. Therefore, this answer is incorrect.

Answer 237

Correct Answer: D The AC units used in an information processing facility must be dedicated and controllable from within the area. They must be on an independent power source from the rest of the room and have a dedicated Emergency Power Off switch. It is positive, not negative pressure that forces smoke and other gases out of the room. Incorrect Answers: A: The AC units must be controllable from inside the area, not outside the area. Therefore, this answer is incorrect. B: The AC units must keep positive pressure in the room, not negative pressure so that smoke and other gases are forced out of the room. Therefore, this answer is incorrect. C: The AC units must be on a different power source as the equipment in the room to allow for easier shutdown. Therefore, this answer is incorrec

Answer 238

Correct Answer: B The following statements pertaining to secure information processing facilities are correct: ✑ Walls should have an acceptable fire rating. ✑ Doors must resist forcible entry. ✑ Location and type of fire suppression systems should be known. ✑ Flooring in server rooms and wiring closets should be raised to help mitigate flooding damage. ✑ Separate AC units must be dedicated to the information processing facilities. ✑ Backup and alternate power sources should exist. The statement "windows should be protected with bars" is tricky. You could argue that they windows should be protected with bars. However, in a ‘secure’ information processing facility, there should be no windows. Incorrect Answers: A: It is true that walls should have an acceptable fire rating. Therefore, this answer is incorrect. C: It is true that doors must resist forcible entry. Therefore, this answer is incorrect. D: It is true that the location and type of fire suppression systems should be known. Therefore, this answer is incorrect.

Answer 239

Correct Answer: A A common problem when using vibration detection devices for perimeter control is false alarms. For example, someone could lean on the fence and trigger an alarm. Perimeter Intrusion Detection and Assessment System (PIDAS) is a type of fencing that has sensors located on the wire mesh and at the base of the fence. It is used to detect if someone attempts to cut or climb the fence. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected. PIDAS is very sensitive and can cause many false alarms. Incorrect Answers: B: Vibration detection devices for perimeter control are not commonly defeated by electronic means. Therefore, this answer is incorrect. C: Signal amplitude being affected by weather conditions is not common problem when using vibration detection devices for perimeter control. Therefore, this answer is incorrect. D: It is not true that vibration detection devices for perimeter control must be buried below the frost line. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 487

Answer 240

Correct Answer: C Halon is a gas that was widely used in the past to suppress fires because it interferes with the chemical combustion of the elements within a fire. It mixes quickly with the air and does not cause harm to computer systems and other data processing devices. It was used mainly in data centers and server rooms. It was discovered that halon has chemicals (chlorofluorocarbons) that deplete the ozone and that concentrations greater than 10 percent are dangerous to people. Halon used on extremely hot fires degrades into toxic chemicals, which is even more dangerous to humans. Halon has not been manufactured since January 1, 1992, by international agreement. The Montreal Protocol banned halon in 1987, and countries were given until 1992 to comply with these directives. The most effective replacement for halon is FM-200, which is similar to halon but does not damage the ozone. By law, companies that have halon extinguishers do not have to replace them, but the extinguishers cannot be refilled. So, companies that have halon extinguishers do not have to replace them right away, but when the extinguishers lifetime runs out, FM-200 extinguishers or other EPA-approved chemicals should be used. Incorrect Answers: A: You cannot refill a fire extinguisher with Halon 1201. Therefore, this answer is incorrect. B: You cannot refill a fire extinguisher with Halon. Therefore, this answer is incorrect. D: You cannot refill a fire extinguisher with Halon 1301. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 473

Answer 241

Correct Answer: A Crime Prevention Through Environmental Design ("CPTED") is the design, maintenance, and use of the built environment in order to enhance quality of life and to reduce both the incidence and fear of crime. Territoriality means providing clear designation between public, private, and semi-private areas and makes it easier for people to understand, and participate in, an area’s intended use. Territoriality communicates a sense of active "ownership" of an area that can discourage the perception that illegal acts may be committed in the area without notice or consequences. The use of see-through screening, low fencing, gates, signage, different pavement textures, or other landscaping elements that visually show the transition between areas intended for different uses are examples of the principle of territoriality. Incorrect Answers: B: Protecting specific areas with different measures is not a description of the CPTED concept of territoriality. Therefore, this answer is incorrect. C: Localized emissions are not a description of the CPTED concept of territoriality. Therefore, this answer is incorrect. D: Compromise of the perimeter is not a description of the CPTED concept of territoriality. Therefore, this answer is incorrect. References: https://www.portlandoregon.gov/oni/article/320548

Answer 242

Correct Answer: D Doorways with automatic locks can be configured to be fail-safe or fail-secure. A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked. Fail-safe deals directly with protecting people. If people work in an area and there is a fire or the power is lost, it is not a good idea to lock them in. A fail-secure configuration means that the doors default to being locked if there are any problems with the power. If people do not need to use specific doors for escape during an emergency, then these doors can most likely default to fail-secure settings. Incorrect Answers: A: Doorways with automatic locks can be configured to be fail-safe or fail-secure. "Fail-soft" is not a valid term when talking about doorways with automatic locks. Therefore, this answer is incorrect. B: A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked. "Fail-open" is essentially the same as fail-safe although fail-safe is the more commonly used terminology. In a fail-safe or fail-open system, the doors do not remain locked. Therefore, this answer is incorrect. C: A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked; the doors do not remain locked. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 451

Answer 243

Correct Answer: B High humidity means extra water in the air. This extra water can cause corrosion to computer parts. It is important to maintain the proper temperature and humidity levels within data centers, which is why an HVAC system should be implemented specifically for this room. Too high a temperature can cause components to overheat and turn off; too low a temperature can cause the components to work more slowly. If the humidity is high, then corrosion of the computer parts can take place; if humidity is low, then static electricity can be introduced. Because of this, the data center must have its own temperature and humidity controls, which are separate from the rest of the building. Incorrect Answers: A: Static electricity is caused by low humidity, not high humidity. Therefore, this answer is incorrect. C: Energy-plating is not caused by high humidity. Therefore, this answer is incorrect. D: Element-plating is not caused by high humidity. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 456

Answer 244

Correct Answer: D The occupant emergency plan (OEP) provides the "response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property. Such events would include a fire, hurricane, criminal attack, or a medical emergency." Incorrect Answers: A: A business continuity plan provides procedures for sustaining essential business operations while recovering from a significant disruption, while occupant emergency plan provides coordinated procedures for minimizing loss of life or injury and protecting properly damage in response to a physical threat. B: Incident response plan focuses on malware, hackers, intrusions, attacks, and other security issues. It outlines procedures for incident response. C: A Disaster recovery plan provides detailed procedures to facilitate recovery of capabilities at an alternate site, while occupant emergency plan provides coordinated procedures for minimizing loss of life or injury and protecting properly damage in response to a physical threat. References: , 2nd Edition, Syngress, Waltham, 2012, pp. 369-370

Answer 245

Correct Answer: C Interference interrupts the flow of an electrical current, and fluctuations can actually deliver a different level of voltage than what was expected. Each fluctuation can be damaging to devices and people. The following explains the different types of voltage fluctuations possible with electric power: Power excess: ✑ Spike Momentary high voltage ✑ Surge Prolonged high voltage Power loss: ✑ Fault Momentary power outage ✑ Blackout Prolonged, complete loss of electric power Power degradation: ✑ Sag/dip Momentary low-voltage condition, from one cycle to a few seconds ✑ Brownout Prolonged power supply that is below normal voltage ✑ In-rush current Initial surge of current required to start a load Incorrect Answers: A: A spike is a momentary high voltage, not a momentary low voltage. Therefore, this answer is incorrect. B: A blackout is a prolonged complete loss of power, not a momentary low voltage. Therefore, this answer is incorrect. D: A fault is a momentary power outage, not a momentary low voltage. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, pp. 462-463

Answer 246

Correct Answer: B A blackout is when the voltage drops to zero. This can be caused by lightning, a car taking out a power line, storms, or failure to pay the power bill. It can last for seconds or days. This is when a backup power source is required for business continuity. Incorrect Answers: A: A brownout is a prolonged low voltage, not a prolonged complete loss of power. Therefore, this answer is incorrect. C: A surge is a prolonged high voltage, not a prolonged power outage. Therefore, this answer is incorrect. D: A fault is a momentary power outage, not a prolonged power outage. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, pp. 462-463

Answer 247

Correct Answer: A When power companies are experiencing high demand, they frequently reduce the voltage in an electrical grid, which is referred to as a brownout. Constant voltage transformers can be used to regulate this fluctuation of power. They can use different ranges of voltage and only release the expected 120 volts of alternating current to devices. Interference interrupts the flow of an electrical current, and fluctuations can actually deliver a different level of voltage than what was expected. Each fluctuation can be damaging to devices and people. The following explains the different types of voltage fluctuations possible with electric power: Power excess: ✑ Spike Momentary high voltage ✑ Surge Prolonged high voltage Power loss: ✑ Fault Momentary power outage ✑ Blackout Prolonged, complete loss of electric power Power degradation: ✑ Sag/dip Momentary low-voltage condition, from one cycle to a few seconds ✑ Brownout Prolonged power supply that is below normal voltage ✑ In-rush current Initial surge of current required to start a load Incorrect Answers: B: A blackout is a prolonged complete loss of power, not a prolonged low voltage. Therefore, this answer is incorrect. C: A surge is a prolonged high voltage, not a prolonged low voltage. Therefore, this answer is incorrect. D: A fault is a momentary power outage, not a prolonged low voltage. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, pp. 462-463

Answer 248

Correct Answer: C Wiring and cables are strung through plenum areas, such as the space above dropped ceilings, the space in wall cavities, and the space under raised floors. Plenum areas should have fire detectors. Also, only plenum-rated cabling should be used in plenum areas, which is cabling that is made out of material that does not let off hazardous gases if it burns. Incorrect Answers: A: A smoke boundary area is not the area described in the question. Therefore, this answer is incorrect. B: A fire detection area is not the area described in the question. Therefore, this answer is incorrect. D: An Intergen area is not the area described in the question. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 473

Answer 249

Correct Answer: D Heat-activated detectors provide the earliest warning possible of a fire outbreak. They should be placed below the raised floors as this is where the cabling most likely to cause an electrical fire is. Heat-activated detectors can be configured to sound an alarm either when a predefined temperature (fixed temperature) is reached or when the temperature increases over a period of time (rate-of-rise). Rate-of-rise temperature sensors usually provide a quicker warning than fixed-temperature sensors because they are more sensitive, but they can also cause more false alarms. The sensors can either be spaced uniformly throughout a facility, or implemented in a line type of installation, which is operated by a heat-sensitive cable. It is not enough to have these fire and smoke detectors installed in a facility; they must be installed in the right places. Detectors should be installed both on and above suspended ceilings and raised floors, because companies run many types of wires in both places that could start an electrical fire. No one would know about the fire until it broke through the floor or dropped ceiling if detectors were not placed in these areas. Incorrect Answers: A: A side wall is not the best location for the sensor. If cabling under a raised floor starts a fire, it will be some time before the wall mounted heat sensor is triggered. Therefore, this answer is incorrect. B: A variable heat sensor is not the best type of sensor to provide the earliest warning possible of a fire outbreak. Therefore, this answer is incorrect. C: Fixed-temperature sensors are triggered when a defined temperature is reached. This is not the best type of sensor to provide the earliest warning possible of a fire outbreak. The air vent is also not the best location for the sensor. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 470

Answer 250

Correct Answer: B Alarms are an example of a physical control type, not an administrative control. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as "soft controls" because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Personnel controls are an example of an administrative control. Therefore, this answer is incorrect. C: Training is an example of an administrative control. Therefore, this answer is incorrect. D: Emergency response and procedures are an example of an administrative control. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 28

Answer 251

Correct Answer: C Because data centers usually hold expensive equipment and the companys critical data, their protection should be thoroughly thought out before implementation. Data centers should not be located on the top floors because it would be more difficult for an emergency crew to access it in a timely fashion in case of a fire. By the same token, data centers should not be located in basements where flooding can affect the systems. And if a facility is in a hilly area, the data center should be located well above ground level. Data centers should be located at the core of a building so if there is some type of attack on the building, the exterior walls and structures will absorb the hit and hopefully the data center will not be damaged. Incorrect Answers: A: The information processing facilities should not be in the basement because of the risk of flooding. Therefore, this answer is incorrect. B: The information processing facilities should not be on the ground floor because of the risk of flooding. Therefore, this answer is incorrect. D: The information processing facilities should not be on the top floor because it would be more difficult for an emergency crew to access it in a timely fashion in case of a fire. Therefore, this answer is incorrect. References: , 6th Edition, McGraw-Hill, 2013, p. 454

Answer 252

Correct Answer: B The TCP protocol is stateful. In a TCP connection, the sender sends a SYN packet, the receiver sends a SYN/ACK, and then the sender acknowledges that packet with an ACK packet. A stateful firewall understands these different steps and will not allow packets to go through that do not follow this sequence. So, if a stateful firewall receives a SYN/ACK and there was not a previous SYN packet that correlates with this connection, the firewall understands this is not right and disregards the packet. This is what stateful meanssomething that understands the necessary steps of a dialog session. And this is an example of context- dependent access control, where the firewall understands the context of what is going on and includes that as part of its access decision. Incorrect Answers: A: The ICMP protocol is stateless, not stateful. C: The UDP protocol is stateless, not stateful. D: The IP protocol is stateless, not stateful. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 232

Answer 253

Correct Answer: D Bridges and routers both connect networks. While bridges works only up to the data link layer, routers work at the network layer. Incorrect Answers: A: Both bridges and routers connect multiple networks. A router examines each packet to determine which network to forward it, but bridges can also examine packets by using filters to determine if the data should be forwarded or not. B: Bridge and router are not synonyms as they work at different network layers. C: A bridge is not one type of router. A bridge cannot connect a LAN to the Internet as it only working at the data link layer, and you need to work at the network layer to connect a LAN to the Internet. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 615

Answer 254

Correct Answer: B ICMP and IGMP work at the network layer of the OSI model. Incorrect Answers: A: There is no Datagram Layer in the OSI model. C: ICMP and IGMP do not belong to the Transport layer of the OSI model. TCP and UDP are examples of protocols working at the transport layer. D: ICMP and IGMP do not belong to the Transport layer of the OSI model. ARP, OSOF, and MAC are examples of protocols workings at the data link layer. References: https://en.wikipedia.org/wiki/Network_layer

Answer 255

Correct Answer: A TCP Wrappers allows you to restrict access to TCP services, but not to UDP services. A TCP wrapper is an application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs. Using TCP wrappers is a form of port based access control. Incorrect Answers: B: The problem with TCP wrappers is not that confuse proxy servers. The problem is that they do not filter UDP traffic. C: The hosts.* access control system does not require a complicated directory tree. In the simplest configuration, daemon connection policies are set to either permit or block, depending on the options in file /etc/hosts.allow. The default configuration in FreeBSD is to allow all connections to the daemons started with inetd. D: In a UNIX/Linux system the TCP wrappers are included in the distribution and come at no cost. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 118

Answer 256

Correct Answer: B The IP header protocol field value for ICMP is 1. Incorrect Answers: A: The IP header protocol field value for TCP is 6, not 1. C: IP header protocol field value for UDP is 17, not 1. D: The IP header protocol field value for IGMP is 2, not 1. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 122

Answer 257

Correct Answer: B The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. The Internet Protocol is responsible for addressing hosts and for routing datagrams (packets) from a source host to a destination host across one or more IP networks. Incorrect Answers: A: There is nothing called IP segment within the OSI model. The TCP protocol uses segments, while the IP protocol uses datagrams. C: The network layer (layer 2) of the OSI model handles data link frames, but there are no IP frames in the OSI model. IP datagrams are the network layer (layer 3). D: There is nothing called IP fragment within the OSI model. References: https://en.wikipedia.org/wiki/Internet_Protocol

Answer 258

Correct Answer: C Simple Network Management Protocol (SNMP) was released to the networking world in 1988 to help with the growing demand of managing network IP devices. Companies use many types of products that use SNMP to view the status of their network, traffic flows, and the hosts within the network. SNMP uses agents and managers. Agents collect and maintain device-oriented data, which are held in management information bases. Managers poll the agents using community string values for authentication purposes. SNMP versions 1 and 2 send their community string values in cleartext, but with SNMP version 3, cryptographic functionality has been added, which provides encryption, message integrity, and authentication security. So any sniffers that are installed on the network cannot sniff SNMP traffic. Incorrect Answers: A: UDP is not a protocol used to monitor network devices. B: SNMP versions 1 and 2 send their community string values in cleartext. This does not prevent easy disclosure of the SNMP strings and authentication of the source of the packets. D: SNMP versions 1 and 2 send their community string values in cleartext. This does not prevent easy disclosure of the SNMP strings and authentication of the source of the packets. References: , 6th Edition, McGraw-Hill, 2013, p. 587

Answer 259

Correct Answer: C Class C was defined with the 3 high-order bits set to 1, 1, and 0, and designating the next 21 bits to number the networks. This translates to the IP address range of a class C network of 192.0.0.0 to 223.255.255.255. Incorrect Answers: A: Class C was defined with three fixed bits, not just one single bit. B: Class C was defined with three fixed bits, not just two bits. D: Class C was defined with the first bits set to 1, 1, and 0. Not to 1, 1, and 1. References: https://en.wikipedia.org/wiki/Classful_network

Answer 260

Correct Answer: A Class A contains all addresses in which the most significant bit is zero. The address range of Class A is 0.0.0.0 - 127.255.255.255. Incorrect Answers: B: Class A contains only one single fixed bit, not two. C: Class A contains only one single fixed bit, not three. D: Class A contains only one single fixed bit, not three. References: https://en.wikipedia.org/wiki/Classful_network

Answer 261

Correct Answer: B Non-repudiation is provided by applications such as PGP (Pretty Good Privacy). It is implemented in software and therefore run in the application layer. Non-repudiation means that parties involved in a communication cannot deny having participated. It is a technique that assures genuine communication that cannot subsequently be refuted. Implementing security at the application layer simplifies the provision of services such as non-repudiation by giving complete access to the data the user wants to protect. Incorrect Answers: A: Non-repudiation is implemented at application layer, not at the network layer. C: Non-repudiation is implemented at application layer, not at the transport layer. D: Non-repudiation is implemented at application layer, not at the data-link layer. References: , 2nd Edition, Syngress, Waltham, 2012, p. 249

Answer 262

Correct Answer: A Session-layer services are commonly used in application environments that make use of remote procedure calls (RPCs). Incorrect Answers: B: RPC is implemented at the session layer, not at the transport layer. C: RPC is implemented at the session layer, not at the data link layer. D: RPC is implemented at the session layer, not at the network layer. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 524

Answer 263

Correct Answer: C Some examples of packet-switching technologies are the Internet, X.25, and frame relay. Incorrect Answers: A: X.25, and frame relay are packet switching services, not circuit-switching services. B: X.25, and frame relay are packet switching services, not cell-switching services. D: X.25, and frame relay are packet switching services, not dedicated digital services. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 674

Answer 264

Correct Answer: A PPP (Point-to-Point Protocol) is a data link protocol used to establish a direct connection between two nodes. PPP has replaced the older SLIP and CSLIP protocols. Incorrect Answers: B: SLIP, CSLIP, and PPP all work at the data link layer, not at the transport layer. C: SLIP, CSLIP, and PPP all work at the data link layer, not at the presentation layer. D: SLIP, CSLIP, and PPP all work at the data link layer, not at the application layer. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 683

Answer 265

Correct Answer: B An IDS can detect malicious behavior using two common methods. One way is to use knowledge-based detection which is more frequently used. The second detection type is behavior-based detection. Incorrect Answers: A: behavior-based detection is less common compared to knowledge-based detection. C: A Statistical anomaly-based IDS is a behavioral-based system. D: Host-based intrusion detection is not a conceptual iDS approach. The two conventional approaches are knowledge-based detection and behavior-based detection. References: p. 56

Answer 266

Correct Answer: B Network address hijacking allows an attacker to reroute data traffic from a network device to a personal computer. Also referred to as session hijacking, network address hijacking enables an attacker to capture and analyze the data addressed to a target system. This allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Session hijacking involves assuming control of an existing connection after the user has successfully created an authenticated session. Session hijacking is the act of unauthorized insertion of packets into a data stream. It is normally based on sequence number attacks, where sequence numbers are either guessed or intercepted. Incorrect Answers: A: Network address translation (NAT) is a methodology of modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another. This is not what is described in the question. C: Network Address Supernetting is forming an Internet Protocol (IP) network from the combination of two or more networks (or subnets) with a common Classless Inter-Domain Routing (CIDR) prefix. The new routing prefix for the combined network aggregates the prefixes of the constituent networks. This is not what is described in the question. D: Network Address Sniffing: This is another bogus choice that sounds good but does not even exist. However, sniffing is a common attack to capture cleartext passwords and information unencrypted over the network. Sniffing is accomplished using a sniffer also called a Protocol Analyzer. A network sniffer monitors data flowing over computer network links. It can be a self-contained software program or a hardware device with the appropriate software or firmware programming. Also sometimes called "network probes" or "snoops," sniffers examine network traffic, making a copy of the data but without redirecting or altering it. References: http://compnetworking.about.com/od/networksecurityprivacy/g/bldef_sniffer.htm http://wiki.answers.com/Q/What_is_network_address_hijacking , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 267

``` Correct Answer: C The ICMP protocol was developed to send status messages, not to hold or transmit user data. But someone figured out how to insert some data inside of an ICMP packet, which can be used to communicate to an already compromised system. Loki is actually a client/server program used by hackers to set up back doors on systems. The attacker targets a computer and installs the server portion of the Loki software. This server portion "listens" on a port, which is the back door an attacker can use to access the system. To gain access and open a remote shell to this computer, an attacker sends commands inside of ICMP packets. This is usually successful, because most routers and firewalls are configured to allow ICMP traffic to come and go out of the network, based on the assumption that this is safe because ICMP was developed to not hold any data or a payload. Incorrect Answers: A: A Loki attack uses ICMP, not TCP. B: A Loki attack uses ICMP, not PPP. D: A Loki attack uses ICMP, not SMTP. References: , 6th Edition, McGraw-Hill, 2013, p. 585 ```

Answer 268

Correct Answer: D The 128 bits of an IPv6 address are represented in 8 groups of 16 bits each. Each group is written as 4 hexadecimal digits and the groups are separated by colons (:).Consecutive sections of zeroes are replaced with a double colon (::).The double colon may only be used once in an address, as multiple use would render the address indeterminate. The address 2001:DB8::8:800::417A uses double colon twice, which is illegal. Incorrect Answers: A: 2001:0db8:0:0:0:0:1428:57ab is a well-formed IPv6 address with 8 groups of 16-bit hexadecimal numbers. B: ABCD:EF01:2345:6789:1 is a well-formed IPv6 address with 8 groups of 16-bit hexadecimal numbers. C: ABCD:EF01:2345:6789::1 is a well-formed IPv6 address with 8 groups of 16-bit hexadecimal numbers, and only one double colon. References: https://en.wikipedia.org/wiki/IPv6

Answer 269

Correct Answer: D A gateway works at OSI Application layer, where it connects different types of networks; performs protocol and format translations. Incorrect Answers: A: A bridge works at the data link layer, not the application layer. B: A repeater works at the physical layer, not the application layer. C: A router works at the transport layer, not the application layer. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 623

Answer 270

Correct Answer: B In a Smurf attack the attacker sends an ICMP ECHO REQUEST packet with a spoofed source address to a victims network broadcast address. This means that each system on the victims subnet receives an ICMP ECHO REQUEST packet. Each system then replies to that request with an ICMP ECHO REPLY packet to the spoof address provided in the packetswhich is the victims address. Incorrect Answers: A: A Syn flood attack does not involve spoofing and ICMP ECHO broadcasts. A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. C: A ping of death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer. It could cause a buffer overflow, but it does not involve ICMP ECHO broadcast packets D: A DoS attack does not use spoofing or ICMP ECHO broadcasts. In a DoS attack the attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 587

Answer 271

Correct Answer: C The presentation layer is not concerned with the meaning of data, but with the syntax and format of the data. It works as a translator, translating the format an application is using to a standard format used for passing messages over a network. Incorrect Answers: A: The session layer provides the mechanism for opening, closing and managing a session between end-user application processes, i.e., a semi-permanent dialogue. Communication sessions consist of requests and responses that occur between applications. B: The transport layer provide host-to-host communication services for applications. It provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing. D: The application layer as the user interface responsible for displaying received information to the user. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 522

Answer 272

Correct Answer: B The OSI/ISO Layers are not designed for monitoring network devices. Incorrect Answers: A: The OSI model is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to their underlying internal structure and technology. C: The goal of the OSI model goal is the interoperability of diverse communication systems with standard protocols. D: The original version of the OSI model defined seven protocol layers, defining a protocol stack. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 518

Answer 273

Correct Answer: B In telephony, the local loop is the physical link or circuit that connects from the demarcation point of the customer premises to the edge of the common carrier or telecommunications service provider's network. Incorrect Answers: A: New loop is not a type of connection. C: A loopback interface is a serial communications transceiver can use loopback for testing its functionality. D: Indigenous loop is not a type of connection. References: https://en.wikipedia.org/wiki/Local_loop

Answer 274

Correct Answer: D Security applies to all types of transmitted data whether it is voice, data or multimedia. Incorrect Answers: A: Not only voice transfer must be secure. Data and multimedia transmission must be secure as well. B: Not only voice and multimedia transfers must be secure. Data transmission must be secure as well. C: Not only data and multimedia transfers must be secure. Voice transmission must be secure as well. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 515

Answer 275

Correct Answer: C IPSec uses the IP protocol to deliver packets. IP treats every packet independently, and the packets can arrive out of order. Incorrect Answers: A: The Internet Protocol Security (IPSec) protocol suite provides a method of setting up a secure channel for protected data exchange between two devices. IPSec data cannot be read by unauthorized parties. B: IPSec, through the use of IKE (Internet Key Exchange), ensures the identity of each endpoint is confirmed by the other endpoints. D: An ESP packet, used by IPSec to transfer data, includes a Sequence Number which counts the packets that have been transmitted. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 860

Answer 276

Correct Answer: C L2TP is not compatible with NAT. Incorrect Answers: A: PPTP was designed to provide a way to tunnel PPP connections through an IP network. B: PPTP uses PPP data packets that encrypted using Microsoft Point to Point Encryption (MPPE), while L2TP on the other hand does not provide any encryption or confidentiality by itself. D: Radius AAA servers can be configured to use L2TP tunnels. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 702-703

Answer 277

Correct Answer: B Network availability can be defined as an area of the of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability. Incorrect Answers: A: Netware is a protocol family from the Novell Corporation, and not an area within the Network Security domain. C: Network acceptability is not an area in the Telecommunications and Network Security domain. D: Network accountability is not an area in the Telecommunications and Network Security domain.

Answer 278

Correct Answer: B The maximum length of a Category 5 10Base-T cable is 100 meters. Incorrect Answers: A: The maximum length is 100 meters, not 80 meters. C: The maximum length is 100 meters, not 185 meters. D: The maximum length is 100 meters, not 500 meters. References: https://en.wikipedia.org/wiki/Ethernet_over_twisted_pair

Answer 279

Correct Answer: A The Secure Sockets Layer (SSL) protects mainly web-based traffic. Incorrect Answers: B: The Secure Sockets Layer (SSL) does not protect EDI transactions. It protects Web transactions. C: The Secure Sockets Layer (SSL) protects Web transactions, not Telnet transactions. D: The Secure Sockets Layer (SSL) protects Web transactions, not Electronic Payment transactions. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 708

Answer 280

Correct Answer: D The TLS protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. Incorrect Answers: A: TLS Internet Protocol is not part of the Transport Layer Security (TLS) protocol. B: TLS Data Protocol is not part of the Transport Layer Security (TLS) protocol. C: TLS Link Protocol is not part of the Transport Layer Security (TLS) protocol. References: https://en.wikipedia.org/wiki/Transport_Layer_Security

Answer 281

Correct Answer: A Peer authentication is an integral part of the SSL protocol. Peer authentication relies on the availability of trust anchors and authentication keys. Incorrect Answers: B: Peer authentication, not peer identification, is part of the SSL protocol. C: SSL uses Peer authentication, not Server Authentication, for encrypting data that is sent over a session. D: SSL uses Peer authentication, not Name Resolution, for encrypting data that is sent over a session.

Answer 282

Correct Answer: A Because fiber-optic cable passes electrically non-conducting photons through a glass medium, it is immune to electromagnetic interference. Incorrect Answers: B: As an electromagnetic field carries the signal in the Coaxial cable, the signal can be affected by external inference. C: As an electromagnetic field carries the signal in the Twisted Pair cable, the signal can be affected by external inference. D: An axial cable is a coaxial cable with only one conductor instead of two conductors. Compared to a coaxial cable the axial cable is more vulnerable to electromagnetic interference. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 100

Answer 283

Correct Answer: A Alternative routing provides two different cables from the local exchange to your site, so you can protect against cable failure as your service will be maintained on the alternative route. Incorrect Answers: B: With diverse routing, you can protect not only against cable failure but also against local exchange failure as there are two separate routes from two exchanges to your site. C: Lang-haul refers to circuits that span large distances, not between your site and the local exchange, such as interstate or international. D: Last mile circuit protection does not provide an extra connection. References: https://en.wikipedia.org/wiki/Routing_in_the_PSTN

Answer 284

``` Correct Answer: A POP3 uses port 110. Incorrect Answers: B: Port 109 is used by POP2. C: Port 139 is used by the NetBIOS Session Service. D: Port 119 is used by NNTP. References: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers ```

Answer 285

Correct Answer: A Behavioral-based IDSs are also known as profile-based systems. Incorrect Answers: B: A pattern matching IDS does not work in the same way as a Behavioral-based IDS. C: There is no Intrusion Detection System type called Misuse detective systems. D: A Rule-based IDS does not work in the same way as a Behavioral-based IDS. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 260

Answer 286

Correct Answer: B The data link layer is responsible for proper communication within the network components and for changing the data into the necessary format (electrical voltage) for the physical layer. Incorrect Answers: A: The session layer protocols set up connections between applications; maintain dialog control; and negotiate, establish, maintain, and tear down the communication channel. C: The protocols at the application layer handle file transfer, virtual terminals, network management, and fulfilling networking requests of applications. D: The protocols at the transport layer handle end-to-end transmission and segmentation of a data stream. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 528

Answer 287

Correct Answer: C The data link layer is responsible for proper communication within the network devices and for changing the data into the necessary format (electrical voltage) for the physical link or channel. Incorrect Answers: A: The protocols at the transport layer handle end-to-end transmission and segmentation of a data stream. B: The responsibilities of the network layer protocols include internetworking service, addressing, and routing. D: The physical layer include network interface cards and drivers that convert bits into electrical signals and control the physical aspects of data transmission References: , 6th Edition, McGraw-Hill, New York, 2013, p. 531

Answer 288

Correct Answer: D X.25, V.35, X21 and HSSI all work at the physical layer in the OSI model. X.25 is an older WAN protocol that defines how devices and networks establish and maintain connections. V.35 is the interface standard used by most routers and DSUs that connect to T-1 carriers. X21 is a physical and electrical interface. High-Speed Serial Interface (HSSI) is a short-distance communications interface. Incorrect Answers: A: X.25, V.35, X21 and HSSI all work at the physical layer, not the transport layer. B: X.25, V.35, X21 and HSSI all work at the physical layer, not the network layer. C: X.25, V.35, X21 and HSSI all work at the physical layer, not the data link layer. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 679

Answer 289

Correct Answer: C The TCP/IP model includes the following four layers: application, host-to-host, Internet, and Network access. Incorrect Answers: A: The OSI have seven layers, while the TCP/IP model only has four layers. B: The TCP/IP model has four layers, not five. D: The TCP/IP model has four layers, not three. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 518

Answer 290

Correct Answer: B The Host-to-host transport layer provides end-to-end data transport services and establishes the logical connection between two communicating hosts. Incorrect Answers: A: The internet layer has the responsibility of sending packets across potentially multiple networks. This process is called routing. C: The application layer includes the protocols used by most applications for providing user services or exchanging application data over the network connections established by the lower level protocols. D: The link layer (network access layer) is used to move packets between the Internet layer interfaces of two different hosts on the same link. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 525

Answer 291

Correct Answer: A S-HTTP provides application layer security, while the other protocols provide transport layer security. Incorrect Answers: B: FTPS can use SSL. FTPS (also known as FTPES, FTP-SSL and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. C: SSL can be used by FTPS. SSL provides transport layer security. D: SPX is a transport layer protocol (layer 4 of the OSI Model). References: , 5th Edition, Sybex, Indianapolis, 2011, p. 856

Answer 292

Correct Answer: A Packet filtering is a firewall technology that makes access decisions based upon network-level protocol header values. The filters can make access decisions based upon the following basic criteria: ✑ Source and destination port numbers (such as an application port or a service number) ✑ Protocol types ✑ Source and destination IP addresses ✑ Inbound and outbound traffic direction Incorrect Answers: B: Only authorized ports or service numbers, not unauthorized, would be granted access through the firewall. C: Packet Filtering Firewalls do not grant access through ex-service numbers. They use service numbers. D: Packet Filtering Firewalls do not grant access through service integers. A service has a number, not an integer. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 630

Answer 293

Correct Answer: A PPTP works at the data link layer. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 708

Answer 294

Correct Answer: A Media access technologies deal with how these systems communicate over the network media. LAN access technologies set up the rules of how computers will communicate on the Local Area Network. Incorrect Answers: B: Network topology is not defined by rules of communication. It is the arrangement of the various elements (links, nodes, etc.) of a computer network. C: The communications rules on a LAN is called Media Access rules, not transmissions methods. D: Contention Access Control is just used to avoid collisions. To communicate LAN Media Access methods are used. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 565

Answer 295

Correct Answer: A Broadcast, unicast, and multicast are all LAN transmissions methods. Incorrect Answers: B: CSMA/CD is a media access method, not a LAN transmission method. C: Token ring is a media access methodology, not a LAN transmission method. D: FDDI is a media access methodology, not a LAN transmission method. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 579

Answer 296

Correct Answer: A In a bus topology a linear, single cable for all computers attached is used. All traffic travels the full cable and can be viewed by all other computers. Incorrect Answers: B: In a ring topology all computers are connected by a unidirectional transmission link, and the cable is in a closed loop. C: In a star topology all computers are connected to a central device, which provides more resilience for the network. D: FDDI is a media access methodology, not a LAN topology. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 566

Answer 297

Correct Answer: B Serial Line Internet Protocol (SLIP) is an older technology developed to support TCP/IP communications over asynchronous serial connections, such as serial cables or modem dial - up. Incorrect Answers: A: ISDN can be considered a suite of digital services existing on layers 1, 2, and 3 of the OSI model. ISDN is digital, not serial. C: xDSL is a digital technology. xDSL is the term for the Broadband Access technologies based on Digital Subscriber Line (DSL) technology D: The T1 carrier is the most commonly used digital, not serial, transmission service. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 138

Answer 298

Correct Answer: C Asymmetric DSL (ADSL) provides data travel downstream faster than upstream. Upstream speeds are 128 Kbps to 384 Kbps, and downstream speeds can be as fast as 768 Kbps. Generally used by residential users. ADSL is appropriate for small offices. Incorrect Answers: A: VDSL is basically ADSL at much higher data rates (13 Mbps downstream and 2 Mbps upstream). B: Symmetric DSL (SDSL) provides data travel upstream and downstream at the same rate. D: High-Bit-Rate DSL (HDSL) provides T1 (1.544 Mbps) speeds over regular copper phone wire without the use of repeaters. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 699

Answer 299

Correct Answer: A A virtual private network (VPN) is a secure, private connection through an untrusted network. VPN technology requires a tunnel to work and it assumes encryption. Incorrect Answers: B: A one-time password is not the same as a VPN. C: Tunnel, not pipeline, can be used as a name for a VPN. D: Tunnel, not bypass, can be used as a name for a VPN. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 702

Answer 300

Correct Answer: B Digital Signal Level 1 (DS - 1) provides 1.544 Mbps over a T1 line. Incorrect Answers: A: Digital Signal Level 0 (DS - 0) provides from 64 Kbps up to 1.544 Mbps on a Partial T1 line. C: There is no framing specification named DS-2. D: Digital Signal Level 3 (DS - 3) is a specification for T3, not for T1. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 165

Answer 301

Correct Answer: B Firewalls filter traffic based on a defined set of rules. The rules must be configured correctly for the firewall to provide the intended security. Incorrect Answers: A: Firewalls main duty is to defend against external, not internal, threats. C: Firewalls do not product from buffer overflows attacks. D: Firewalls can help in defending from DDoS attacks, but the main concern with firewall is to configure them correctly. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 25

Answer 302

Correct Answer: B An electronic multiplexer makes it possible for several signals to share one device or resource. A multiplexer (or mux) is a device that selects one of several analog or digital input signals and forwards the selected input into a single line. Incorrect Answers: A: A router forwards data packets. A router does not handle signals. C: A CSU/DSU is a digital-interface device used to connect a data terminal equipment (DTE), such as a router, to a digital circuit, such as a Digital Signal 1 (T1) line. D: A switch forwards traffic at the data link layer of the OSI model. It does operate with multiple signals. References: https://en.wikipedia.org/wiki/Multiplexer

Answer 303

Correct Answer: A Event logging is available in both TACACS and TACACS+. Incorrect Answers: B: TACACS+ is XTACACS with extended two-factor user authentication. C: TACACS uses fixed passwords for authentication, while TACACS+ allows users to employ dynamic (one-time) passwords, which provides more protection. D: TACACS+ features security tokes, which is not included in TACACS. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 234

Answer 304

Correct Answer: A TACACS+ is more secure compared to TACACS, RADIUS, and PAP. Incorrect Answers: B: TACACS+ encrypts all of this data between the client and server and thus does not have the vulnerabilities inherent in the RADIUS protocol. C: PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. D: TACACS uses fixed passwords for authentication, while TACACS+ allows users to employ dynamic (one-time) passwords, which provides more protection. TACACS+ is XTACACS with extended two-factor user authentication. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 234

Answer 305

Correct Answer: D OSI layer is the data link layer. The data link layer is divided into two functional sublayers: the Logical Link Control (LLC) and the Media Access Control (MAC). The IEE LLC specification for Ethernet is defined in the IEEE 802.2 standard, while the IEEE MAC specification for Ethernet is 802.3 Incorrect Answers: A: LCL is not a sublayer of OSI layer 2. B: LCL is not a sublayer of OSI layer 2. C: Network is not a sublayer of OSI layer 2. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 528 http://en.wikipedia.org/wiki/OSI_model

Answer 306

Correct Answer: B Wireless Transport Layer Security (WTLS) provides security connectivity services similar to those of SSL or TLS. Incorrect Answers: A: There is no protocol named S-WAP C: Wireless Session Protocol (WSP) does not provide security. D: Wireless Datagram Protocol (WDP) does not provide security. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 103

Answer 307

Correct Answer: A The Advanced Research Projects Agency Network (ARPANET), funded by the Department of Defense, was an early packet switching network and the first network to implement the protocol suite TCP/IP. Both technologies became the technical foundation of the Internet. Incorrect Answers: B: Intranets can use other protocols than TCP/IP. Intranet is not standard that was developed by the Department of Defense. C: Intranet can use other protocols than TCP/IP. Extraanet is not standard that was developed by the Department of Defense. D: Ethernet can use other protocols than TCP/IP. Ethernet is not standard that was developed by the Department of Defense. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 549

Answer 308

Correct Answer: A When a company uses web-based technologies inside its networks, it is using an intranet, a private network. The company's internal physical network structure is used. Incorrect Answers: B: The internal, not the external, network structure is used. C: The internal, not the external, network structure is used. D: The physical structure, not the NetBIOS structure. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 661

Answer 309

Correct Answer: C A public posting on the internet is not secure. Compared to the internet, an intranet provides more control. Incorrect Answers: A: A private posting provides high security and control. B: Ethernet is a link layer protocol in the TCP/IP stack. An Intranet is defined on the physical layer. The data link layer provides more control compared to the physical layer. D: An extranet is a website that allows controlled access to partners, vendors and suppliers or an authorized set of customers - normally to a subset of the information accessible from an organization's intranet. As an extranet is a subset of an intranet is provides more security and control. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 661

Answer 310

Correct Answer: A Files services, which are part of the Common Data Network Services, provides sharing of data files and subdirectories on file servers. Incorrect Answers: B: Mail services only provide sending and receiving email internally or externally through an email gateway device. C: Print services only provide printing documents to a shared printer or a print queue/spooler. D: Client/server services provide allocating computing power resources among workstations with some shared resources centralized in a file server. References:

Answer 311

Correct Answer: B Mail services, which are part of the Common Data Network Services, sends and receives email internally or externally through an email gateway device. Incorrect Answers: A: Files services provide sharing of data files and subdirectories on file servers. C: Print services only prints documents to a shared printer or a print queue/spooler. D: Client/server services allocate computing power resources among workstations with some shared resources centralized in a file server.

Answer 312

Correct Answer: B It is preferable that both devices have the same speed when they are going to interoperate. Incorrect Answers: A: It is preferable that the devices have the same speed to interoperate well. C: Communication is easier if the speeds of the devices do not change. D: High speed is not a necessity for devices to be able to interact.

Answer 313

Correct Answer: A Asynchronous start-stop is the physical layer used to connect computers to modems for many dial-up Internet access applications, using a data link framing protocol. Incorrect Answers: B: Dial-up modems use Asynchronous, not synchronous, communication. C: Dial-up modems connect to a remote system using communication, not interaction. D: Dial-up modems connect to a remote system using communication, not interaction. References: https://en.wikipedia.org/wiki/Asynchronous_serial_communication

Answer 314

Correct Answer: B Print services, which are part of the Common Data Network Services, prints documents to a shared printer or a print queue/spooler. Incorrect Answers: A: Mail services only send and receive email internally or externally through an email gateway device. C: Client/server services allocate computing power resources among workstations with some shared resources centralized in a file server. D: Domain Name Service translates domain names into IP addresses.

Answer 315

Correct Answer: C Client/server services, which belongs to the Common Data Network Services, allocates computing power resources among workstations with some shared resources centralized in a file server. Incorrect Answers: A: Print services only print documents to a shared printer or a print queue/spooler. B: Files services provide sharing of data files and subdirectories on file servers. D: Domain Name Service translates domain names into IP addresses.

Answer 316

Correct Answer: B Network architecture is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, including protocols and access methods, as well as data formats used in its operation. Incorrect Answers: A: Novell Netware is specific to the vendor Novell. C: WAN Architecture is not used for the various components of a network. It used for components that enables different local network to communicate with other networks. D: The physical components must be included as well, not just the protocols. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 246

Answer 317

``` Correct Answer: A Unshielded Twisted Pair cabling consists of an outer jacket and four pairs of twisted wire medium. Incorrect Answers: B: There are four pairs, not three. C: There are four pairs, not two. D: There are four pairs, not one. References: https://en.wikipedia.org/wiki/Twisted_pair#Unshielded_twisted_pair_.28UTP.29 ```

Answer 318

Correct Answer: A With Increased UTP category the better the signal is transmitted, that is the cable is more resistance against interference and crosstalk. The lowest category is 1 and the highest is 8.2. Incorrect Answers: B: The UTP categories are just numbers from 1 to 8.2. They do not represent speed. C: The UTP categories are just numbers. They do not represent length. D: The UTP categories are just numbers. They do not represent speed. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 559

Answer 319

Correct Answer: C Packet switching does not set up a dedicated virtual link, and packets from one connection can pass through a number of different individual devices, instead of all of them following one another through the same devices. Incorrect Answers: A: Most traffic over the Internet uses packet switching and the Internet is basically a connectionless network. B: In a packet-switching network, the data are broken up into packets containing frame check sequence numbers. D: The packet switching packets go through different network nodes, and their paths can be dynamically altered by a router or switch that determines a better route for a specific packet to take. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 674

Answer 320

Correct Answer: B Secure Electronic Transaction (SET) is a security technology proposed by Visa and MasterCard to allow for more secure credit card transaction possibilities than what is currently available. With SET an entity verifies a digital signature of the sender and digitally signs the information before it is sent to the next entity involved in the process. Incorrect Answers: A: SET uses digital signatures, not Message Authentication Codes. C: SET uses digital signatures, not transport layer security. D: Visa and Mastercard, not American Express, has proposed the SET protocol. The current security solution in use for credit cards transfers use SSL, but SET uses digital signatures. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 857

Answer 321

Correct Answer: D S-HTTP provides protection for each message sent between two computers, but not the actual link. Incorrect Answers: A: Kerberos is a network authentication protocol. It is not used to secure messages. B: SET is designed to provide secure credit card transactions, not to provide secure transfer of messages. C: HTTPS protects the communication channel, not each individual message separately. HTTPS is HTTP that uses SSL for security purposes. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 873

Answer 322

Correct Answer: A Both SET and S-HTTP provides application layer security. Incorrect Answers: B: SET and S-HTTP work at the application layer, not at the transportation layer. C: SET and S-HTTP work at the session layer, not at the transportation layer. D: SET and S-HTTP work at the network layer, not at the transportation layer. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 856

Answer 323

Correct Answer: B Because fiber-optic cable passes electrically non-conducting photons through a glass medium, it is very hard to intercept or wiretap. Incorrect Answers: A: High data rates are an advantage of fiber options, but speed in itself does not significantly increase speed. C: Multiplexing would not prevent traffic analysis. It would just make it harder. D: Correctable bits are not an advantage of fiber optic communication.

Answer 324

Correct Answer: B IPSec works at the network layer, not at the transport layer. Incorrect Answers: A: IPSec protects networks by authenticating and encrypting each IP packet of a communication session. C: IPSec protects against man-in-the-middle attacks by combining mutual authentication with shared, cryptography-based keys. D: IPSec uses cryptography-based keys, shared only by the sending and receiving computers, to create a cryptographic checksum for each IP packet. The cryptographic checksum ensures that only the computers that have knowledge of the keys could have sent each packet. This products against spoofing. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1360

Answer 325

Correct Answer: D Packet filtering was the first generation of firewalls and it is the most rudimentary type of all of the firewall technologies. Packet filtering gateways/firewalls would be insufficient for a medium-risk environment. Incorrect Answers: A: Packet filtering gateways can make access decisions based upon the following basic criteria: ✑ Source and destination IP addresses ✑ Source and destination port numbers ✑ Protocol types ✑ Inbound and outbound traffic direction B: Packet filters are useful in IP address spoofing attack prevention because they are capable of filtering out and blocking packets with conflicting source address information (packets from outside the network that show source addresses from inside the network and vice-versa). On the other hand packet filtering gateways would not be able to protect against DNS spoofing. A stateful firewall is needed to protect against DNS spoofing C: Packet filter gateways cannot ensure strong user authentication. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 630

Answer 326

Correct Answer: A Remote procedure call (RPC) works at the session layer of the OSI model. Incorrect Answers: B: ICMP works at the network layer of the OSI model. C: LPD (Line Printer Daemon Protocol) is an application layer protocol. D: SPX is a transport layer protocol. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 524

Answer 327

Correct Answer: B The data link layer is responsible for proper communication within the network components and for changing the data into the necessary format (electrical voltage) for the physical layer. It is concerned with local delivery of frames between devices on the same LAN. Incorrect Answers: A: The physical layer defines the means of transmitting raw bits rather than logical data packets over a physical link connecting network nodes. C: The session layer protocols set up connections between applications; maintain dialog control; and negotiate, establish, maintain, and tear down the communication channel. D: The session layer provides the mechanism for opening, closing and managing a session between end-user application processes, i.e., a semi-permanent dialogue. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 528

Answer 328

Correct Answer: B Packet filters are useful in IP address spoofing attack prevention because they are capable of filtering out and blocking packets with conflicting source address information (packets from outside the network that show source addresses from inside the network and vice-versa). Incorrect Answers: A: Packet filtering firewalls, as they are stateless, are vulnerable to denial-of-service attacks. A stateful firewall would be able to handle these attacks better. C: Logging is no problem when using packet filtering firewalls. D: Packet filter gateways cannot ensure strong user authentication. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 630

Answer 329

Correct Answer: B TFTP is less capable compared to FTP. TFTP is used where user authentication and directory visibility are not required. Incorrect Answers: A: Both FTP and TFTP have ability to negotiate speed- C: There is ability to automate both FTP and TFTP. D: TFTP can be used to transfer any files, not just configuration files between network equipment. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 125

Answer 330

Correct Answer: C RG-58 was once widely used in "thin" Ethernet (10BASE2), where it provides a maximum segment length of 185 meters. Incorrect Answers: A: 10BaseT has a maximal distance of 100 meters. B: RG-8 has a maximal distance of 500 meters. D: 10Base5 has a maximal distance of 500 meters. References: https://en.wikipedia.org/wiki/RG-58

Answer 331

Correct Answer: B HTTP Secure (HTTPS) is HTTP running over SSL. The client browser generates a session key and encrypts it with the servers public key. Incorrect Answers: A: Only the client generates the key. C: The client, not the server, generates the key. D: The client, not a certification server, generates the key. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 855

Answer 332

Correct Answer: D PPTP is an encapsulation protocol based on PPP that works at OSI layer 2 (Data Link) and that enables a single point-to-point connection, usually between a client and a server. While PPTP depends on IP to establish its connection. As currently implemented, PPTP encapsulates PPP packets using a modified version of the generic routing encapsulation (GRE) protocol, which gives PPTP to the flexibility of handling protocols other than IP, such as IPX and NETBEUI over IP networks. PPTP does have some limitations: It does not provide strong encryption for protecting data, nor does it support any token-based methods for authenticating users. L2TP is derived from L2F and PPTP, not the opposite. Incorrect Answers: A: PPTP relies on the Point-to-Point Protocol (PPP) being tunneled to implement security functionality. B: PPTP uses PPP for encryption. The PPP protocol has only the capability to encrypt data with 128-bit so it ensures low security. C: The PPTP specification does not include authentication. In the Microsoft implementation, the tunneled PPP traffic can be authenticated with PAP, CHAP, MS- CHAP v1/v2 , but not with any token-based authentication scheme. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 708

Answer 333

Correct Answer: A In e-mail clients SMTP works as a message transfer agent and moves the message from the users computer to the mail server when the user sends the e-mail message. Incorrect Answers: B: SMTP is used only for sending, not retrieving, email messages. C: SMTP is used only for sending, not reading, email messages. D: SMTP is not a format of email messages. It is a protocol for sending email messages. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 599

Answer 334

Correct Answer: A One security association (SA) is not enough to establish bi-directional communication. Each device will have at least one security association (SA) for each secure connection it uses, so two security associations would be required. Incorrect Answers: B: AH provides authentication and integrity for the IP datagrams. C: ESP provides authentication, integrity, and encryption for the IP datagrams. D: In IPSec transport mode the payload, but not the routing and header information, of the message is protected. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 862

Answer 335

Correct Answer: C Statistical time-division multiplexing (STDM) transmits several types of data simultaneously across a single transmission cable or line. The communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. Incorrect Answers: A: Time-division multiplexing (TDM) is less complex compared to Statistical multiplexing. In its primary form, TDM is used communication with a fixed number of channels and constant bandwidth per channel. B: Asynchronous time-division multiplexing (TDM) is similar to TDM. It uses a fixed number channels, not an arbitrary number of channels like STDM. D: Frequency-division multiplexing (FDM) uses an available wireless spectrum, not a communication channel, to move data. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 672

Answer 336

Correct Answer: B Network Intrusion Detection Systems (NIDS) are placed at a strategic point, such as between the internet-facing router and the firewall, within the network to monitor traffic to and from all devices on the network. Incorrect Answers: A: A host-based IDS is an IDS that is installed on a single computer and can monitor the activities on that computer only. C: It is better to place the IDS between the DMZ and the internet. D: A host-based IDS is an IDS that is installed on a single computer and can monitor the activities on that computer only. References: https://en.wikipedia.org/wiki/Intrusion_detection_system

Answer 337

Correct Answer: C Infrared communications require line-of-sight transmission. This makes infrared relative secure from electronic eavesdropping. Incorrect Answers: A: Infrared eavesdropping does not require more advanced transmissions. B: Infrared operates over short distances, but this is not the main reason it is hard to eavesdrop. Compared to multidirectional radio transmission a direct line of sight is necessary. D: Infrared operates at high frequencies around 430 THz.

Answer 338

Correct Answer: A In IPSec tunnel mode, the entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access) and host-to-host communications. Incorrect Answers: B: Tunnel mode, not transport mode, must be used. C: Tunnel mode, not ESP authentication, must be used. D: Only tunnel mode can be used. References: https://en.wikipedia.org/wiki/IPsec#Tunnel_mode

Answer 339

Correct Answer: B IPSec Tunnel mode works at the Internet layer, not at the Transport layer. Incorrect Answers: A: In IPSec tunnel mode, the entire IP packet is encrypted and/or authenticated. C: In tunnel mode, the entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. That is, in tunnel mode, there are two sets of IP headers. D: Tunnel mode is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access or for gateway services) and host-to-host communications. References: https://en.wikipedia.org/wiki/IPsec#Tunnel_mode

Answer 340

Correct Answer: A Tunnel mode, not transport mode, is required for gateway services. Incorrect Answers: B: Transport mode is allowed between two end hosts only. C: As Transport mode only is allowed between two end hosts, the gateway must act as a host. D: ESP operates directly on top of IP. The encryption is only applied to the upper layer protocols contained in the packet. References: https://tools.ietf.org/html/rfc3884

Answer 341

Correct Answer: C Encrypted authentication is a firewall feature that allows users on an external network to authenticate themselves to prove that they are authorized to access resources on the internal network. Encrypted authentication is convenient because it happens at the transport layer between a client software and a firewall, allowing all normal application software to run without hindrance. Incorrect Answers: A: The firewall encrypted authentication feature is performed at the transport layer, not the network layer. B: The firewall encrypted authentication feature is performed at the transport layer, not the session layer. D: The firewall encrypted authentication feature is performed at the transport layer, not the data link layer. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1161

Answer 342

Correct Answer: C Pharming is a cyber attack intended to redirect a website's traffic to another, fake site. At the fake site the user can be fooled into providing identity information such as passwords. Incorrect Answers: A: The aim of a smurf attack is not to steal information. A smurf attack is an exploitation of the Internet Protocol (IP) broadcast addressing to create a denial of service. B: Traffic analysis is not mostly used to steal identity information. D: The aim of an Interrupt attack is not to steal information. Interrupt Attacks are aimed to disrupt services. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 272

Answer 343

Correct Answer: B A routing table is a set of rules, often viewed in table format that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed. The routing table stores route information about directly connected and remote networks. Incorrect Answers: A: An IP Routing table does not contain MAC addresses. B: There are not host names in IP routing tables. D: A routing table does not include a list of network interface which are IP routing enabled. A routing table includes an Interface address, which is the outgoing network interface the device should use when forwarding the packet to the next hop or final destination. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 615

Answer 344

Correct Answer: B BOOTP has been used for Unix-like diskless workstations to obtain the network location of their boot image, in addition to the IP address assignment. Enterprises used it to roll out a pre-configured client (e.g., Windows) installation to newly installed PCs. Incorrect Answers: A: DHCP is a network protocol used on IP networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. C: DNS translates domain names into IP addresses, which enables us to use domain names instead of IP addresses. D: The ARP protocol translates IP addresses to MAC Addresses. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 585

Answer 345

Correct Answer: B The programmer of a piece of software can write a function call that calls upon a subroutine. The subroutine could be local to the system or be on a remote system. If the subroutine is on a remote system, it is a Remote Procedure Call (RPC). The RPC request is carried over a session layer protocol. The result that the remote system provides is then returned to the requesting system over the same session layer protocol. With RPC a piece of software can execute components that reside on another system. Incorrect Answers: A: The remote shell (rsh) is a command line computer program that can execute shell commands as another user, and on another computer across a computer network. RSH is not used to remotely execute software. C: The Network File System (NFS) is not used to execute software remotely. NFS is a client/server application that lets a computer user view and optionally store and update file on a remote computer as though they were on the user's own computer. D: SNMP is used for monitoring the network, not for remote software execution. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 525

Answer 346

Correct Answer: A SNMP is used for monitoring network traffic. SNMP would monitor the traffic on a single segment and there would be no reason to allow SNMP traffic through a firewall. Incorrect Answers: B: Users must be allowed to send email messages, so SMTP traffic must be allowed. C: Users must be allowed to browse the internet, so HTTP traffic must be allowed. D: Users must be allowed to log into a remote machine and execute commands, so SSH traffic must be allowed. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 587

Answer 347

Correct Answer: D Port address translation (PAT) is a dynamic NAT translation. It maps one internal IP address to an external IP address and port number combination. Thus, PAT can theoretically support 65,536 (2 16) simultaneous communications from internal clients over a single external leased IP address. Incorrect Answers: A: With static translation each private address is statically mapped to a specific public address. B: There is no NAT implementation named Load balancing translation. C: There is no NAT implementation called Network redundancy translation. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 606

Answer 348

Correct Answer: A Packet filtering is a firewall technology that makes access decisions based upon network-level protocol header values. The filters can make access decisions based upon the following basic criteria: ✑ Source and destination port numbers (such as an application port or a service number) ✑ Protocol types ✑ Source and destination IP addresses ✑ Inbound and outbound traffic direction Incorrect Answers: B: A packet filtering firewall can grant access to desired services, not dedicated services, through source and destination numbers. C: A packet filtering firewall can grant access to desired services, not delayed services, through source and destination numbers. D: A packet filtering firewall can grant access to desired services, not distributed services, through source and destination numbers. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 630

Answer 349

Correct Answer: C Fiber-optic cable is expensive and difficult to work with. Incorrect Answers: A: Fiber optic cables are not affected by electromagnetic interference (EMI). B: Fiber optic cables are hard to tap. D: Fiber-optic cabling has higher transmission speeds that allow signals to travel over longer distances. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 560

Answer 350

Correct Answer: B A screened-subnet architecture is the most secure solution as it adds another layer of security to the screened-host architecture, which in turn is more secure than both Dual-homed host firewalls and Packet-filtering firewalls. Incorrect Answers: A: Dual-homed host firewalls are less secure compared to screened-host firewall. C: Screened-host firewalls are less secure compared to Screened-subnet firewalls, as the screened-subnet architecture is missing. A screened host is a firewall that communicates directly with a perimeter router and the internal network. D: A packet-filtering firewall is part of a screened-host firewall architecture, but is less secure as the screened-host firewall is missing. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 646

Answer 351

Correct Answer: D Proxy servers act as an intermediary between the clients that want access to certain services and the servers that provide those services. The proxy server sends an independent request to the destination on behalf of the user, thereby masking the origin of the data. Incorrect Answers: A: The proxy server transfer they payload data to the destination. B: The proxy server transfer they payload data (the details of the data) to the destination. C: The origin of the data, not the owner of the data, is masked by the proxy server. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 653

Answer 352

Correct Answer: A A network-based application layer firewall is a computer networking firewall operating at the application layer of a protocol stack, and is also known as a proxy- based or reverse-proxy firewall. Incorrect Answers: B: Application layer firewall works at the application layer, not at the presentation layer. C: Application layer firewall works at the application layer, not at the session layer. D: Application layer firewall works at the application layer, not at the transport layer. References: https://en.wikipedia.org/wiki/Application_firewall#Network-based_application_firewalls

Answer 353

Correct Answer: D The application firewall is typically built to control all network traffic on any OSI layer up to the application layer. At the lowest level the application firewall can examine each data packet. This slows down the performance. Incorrect Answers: A: Making decisions at the application level would not slow down the firewall. B: An application firewall cannot make decisions based on the user. C: Making decisions at the port level would not slow down the firewall, especially compared deciding what to do with each packet. References: https://en.wikipedia.org/wiki/Application_firewall

Answer 354

Correct Answer: A A stateful firewall filters traffic based on OSI Layer 3 (Network layer) and Layer 4 (Transport layer). Incorrect Answers: B: A stateful firewall does not operate at the Application layer. It work at the Network or Transport Layer. C: There is no inspection layer in the OSI model. D: A stateful firewall does not operate at the Data link layer. It work at the Network or Transport Layer. References: , 2nd Edition, Syngress, Waltham, 2012, p. 63

Answer 355

Correct Answer: C Ports up to 1023 are called well-known ports and are reserved for server-side services. The sending system must choose a dynamic port higher than 1023 when it sets up a connection with another entity. The dynamic packet-filtering firewall then creates an Access Control List (ACL) that allows the external entity to communicate with the internal system. Incorrect Answers: A: A Packet filtering firewall makes access decisions based upon network-level protocol header values. It does not use port numbers. B: A Circuit level proxy works at the session layer and does not use ports. D: An Application level proxy works at the packet level, not at the port level. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 640

Answer 356

Correct Answer: A A demilitarized zone is shielded by two firewalls: one right behind the first Internet facing the Internet, and one facing the private network. Incorrect Answers: B: A demilitarized zone is shielded by the Internet facing firewall. It is not placed outside this firewall. C: A demilitarized zone is placed behind the first Internet facing firewall, not behind the first network active firewall. D: A demilitarized zone does not need to be placed behind a network passive Internet http firewall. It just needs to be place behind the first Internet facing firewall. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 629

Answer 357

Correct Answer: A With a screened subnet, two firewalls are used to create a DMZ. Incorrect Answers: B: The three legged model is just one way of implementing a DMZ. A DMZ can be implemented in different ways. C: A place to attract hackers is called a honeypot, not a DMZ. D: A bastion host is not a DMZ. It is a computer that is fully exposed to attack. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 646

Answer 358

Correct Answer: A Knowledge-based detection is also called signature-based detection. In this case the IDS use a signature database and attempts to match all monitored events to its contents. Behavior-based detection is also called statistical intrusion detection, anomaly detection, and heuristics-based detection. Incorrect Answers: B: Behavior-based IDS is not dynamical anomaly-based. Behavior-based IDS can be said to be statistical anomaly-based. C: A knowledge-based IDS uses signatures, not anomalies. D: Motion anomaly-based IDS is not a synonym for behavior-based IDS. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 56

Answer 359

Correct Answer: B In Star topologies twisted-pair cabling is the preferred cabling. Incorrect Answers: A: In a Token Passing configuration Coaxial cabling works fine. C: In a Ring configuration Coaxial cabling works fine. D: Twisted cable has not special advantage compared to other cabling in a point-to-point configuration. References: , 2nd Edition, Syngress, Waltham, 2012, p. 92

Answer 360

Correct Answer: C Token Ring has a built in management and recovery system which makes it very fault tolerant. Incorrect Answers: A: Token link is not a network topology. B: Token system is not a network topology. D: Duplicate ring is not a network topology. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 570

Answer 361

Correct Answer: B Eavesdropping is not a countermeasure, it is a type of attack where you are collecting traffic and attempting to see what is being sent between entities communicating with each other. Traffic analysis, which is sometimes called trend analysis, is a technique employed by an intruder that involves analyzing data characteristics (message length, message frequency, and so forth) and the patterns of transmissions (rather than any knowledge of the actual information transmitted) to infer information that is useful to an intruder. Countermeasures to traffic analysis are similar to the countermeasures to cryptoattacks: ✑ Padding messages. Creating all messages to be a uniform data size by filling empty space in the data. ✑ Sending noise. Transmitting non-informational data elements mixed in with real information to disguise the real message Faraday cage can also be used as a countermeasure to traffic analysis as it prevents intruders from being able to access information emitted via electrical signals from network devices Incorrect Answers: A: Padding messages (creating all messages to be a uniform data size by filling empty space in the data) is a countermeasure to traffic analysis. C: Sending noise (transmitting non-informational data elements mixed in with real information to disguise the real message) is a countermeasure to traffic analysis. D: Faraday cage (preventing intruders from being able to access information emitted via electrical signals from network devices) is a countermeasure to traffic analysis. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 362

Correct Answer: C In the following sequence, the user (Principle P1) is Emily and the server (Principal P2) is a print server: 1. Emily comes in to work and enters her username and password into her workstation at 8:00 A.M. The Kerberos software on Emilys computer sends the username to the authentication service (AS) on the KDC, which in turn sends Emily a ticket granting ticket (TGT) that is encrypted with Emilys password (secret key). 2. If Emily has entered her correct password, then this TGT is decrypted and Emily gains access to her local workstation desktop. 3. When Emily needs to send a print job to the print server, her system sends the TGT to the ticket granting service (TGS), which runs on the KDC, and a request to access the print server. (The TGT allows Emily to prove she has been authenticated and allows her to request access to the print server.) 4. The TGS creates and sends a second ticket to Emily, which she will use to authenticate to the print server. This second ticket contains two instances of the same session key, one encrypted with Emilys secret key and the other encrypted with the print servers secret key. The second ticket also contains an authenticator, which contains identification information on Emily, her systems IP address, sequence number, and a timestamp. 5. Emilys system receives the second ticket, decrypts and extracts the embedded session key, adds a second authenticator set of identification information to the ticket, and sends the ticket on to the print server. 6. The print server receives the ticket, decrypts and extracts the session key, and decrypts and extracts the two authenticators in the ticket. If the print server can decrypt and extract the session key, it knows the KDC created the ticket, because only the KDC has the secret key used to encrypt the session key. If the authenticator information that the KDC and the user put into the ticket matches, then the print server knows it received the ticket from the correct principal. 7. Once this is completed, it means Emily has been properly authenticated to the print server and the server prints her document. Incorrect Answers: A: Principal P2 does not need to authenticate to the Key Distribution Center (KDC). There are more steps required than there are listed in this answer. B: Principal P1 must authenticate first. Principal P2 does not request a service ticket from the KDC. There are more steps required than there are listed in this answer. D: There are more steps required than there are listed in this answer. E: Principal P1 must authenticate first. Principal P1 does not request a service ticket from the application server P2. There are more steps required than there are listed in this answer. F: Principal P2 does not need to authenticate to the Key Distribution Center (KDC). Principal P2 does not request a service ticket from Principal P1. There are more steps required than there are listed in this answer. References: , 6th Edition, McGraw-Hill, 2013, p. 210

Answer 363

Correct Answer: C In a carefully crafted buffer overflow attack, the stack is filled properly so the return pointer can be overwritten and control is given to the malicious instructions that have been loaded onto the stack instead of back to the requesting application. This allows the malicious instructions to be executed in the security context of the requesting application. In this example the buffer is filled with NOP's (No Operation) commands followed by the instruction that the attacker wants to be executed. Incorrect Answers: A: Syn scanning is not done by sending a packet with a long string of instructions. Syn scanning s is done by sending a SYN (synchronization) packet, as if to initiate a three-way handshake, to every port on the server. B: A port scan is not done by sending a single packet with long string of instructions. A port scan, such as a half-port scan, is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. D: The purpose of sending this packet filled of instructions is likely to be a buffer-overflow attack, not that the packet is destined for the network's broadcast address. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 335

Answer 364

Correct Answer: D LANs are typically protected from the Internet by firewalls. However, to allow external access to a LAN, you need to open ports on the firewall to allow the connections. With the firewall allowing external connections into the LAN, your last line of defense is authentication. You need to ensure that the remote user connecting to the LAN is who they say they are. Therefore, before allowing external access into a LAN, you should plan and implement proper authentication. Incorrect Answers: A: Workstation locking mechanisms are not the most important consideration when allowing external access to a LAN. Without the proper authentication mechanism in place, an intruder could connect to the LAN from an unlocked workstation. B: Protecting the modem pool (if a modem pool is used to provide the remote access) is not the most important consideration when allowing external access to a LAN. Without the proper authentication mechanism in place, an intruder could connect to the LAN. C: Providing the user with his account usage information is not the most important consideration when allowing external access to a LAN. Protecting LAN resources by ensuring only authorized people can connect to the LAN is far more important.

Answer 365

Correct Answer: B Anomaly Detection IDS learns about the normal activities and events on your system by watching and tracking what it sees. Once it has accumulated enough data about normal activity, it can detect abnormal and possibly malicious activities or events. There is a small risk that some non-harmful activity is classified as anomaly by mistake false positives can occur. Incorrect Answers: A: A Pattern Matching IDS uses a signature database and attempts to match all monitored events to its contents. Only activities present in the database will be detected. There will be no false positives. C: Host-based intrusion detection is not an IDS analysis method. It is a classification on information source. A host - based IDS watches for questionable activity on a single computer system, especially by watching audit trails, event logs, and application logs. D: Network-based intrusion detection is not an IDS analysis method. It is a classification on information course. Here the source is a network segment. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 56

Answer 366

Correct Answer: A Some Intrusion Detection System (IDS) evasion techniques involve deliberately violating the TCP or IP protocols in a way the target computer will handle differently from the IDS. For example, the TCP Urgent Pointer is handled differently on different operating systems and may not be handled correctly by the IDS. Incorrect Answers: B: It is very unlikely that a changed TCP Urgent pointer value is caused by a hardware problem, such as a damaged network cable. C: It is very unlikely that a changed TCP Urgent pointer value is caused by a hardware problem, such as a damaged network card, or by a corrupt driver. D: The TCP Urgent pointer field does not contain checksums. References: https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques

Answer 367

Correct Answer: C A tunneling protocol allows a network user to access or provide a network service that the underlying network does not support or provide directly. Because tunneling involves repackaging the traffic data into a different form, perhaps with encryption as standard, one use of tunneling is to hide the nature of the traffic that is run through the tunnels. Incorrect Answers: A: Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge. B: Steganography uses files, not protocols. Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. D: One protocol carrying another is called tunneling, not concealing. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 702

Answer 368

Correct Answer: B The transport layer provides host-to-host (for example, computer-to-computer) communication services. The session layer provides the mechanism for opening, closing and managing a session between end-user application processes. Incorrect Answers: A: The session layer sets up communication between applications, not between protocols. C: The session layer sets up communication between applications, not between computer systems. The transport layer provides host-to-host communication services, not protocol-to-protocol services. D: The session layers sets up communication between applications, while the Transport layer sets up connections between computer systems. Not vice versa. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 522

Answer 369

Correct Answer: C An attacker that can modify the address table for a network device can potentially compromise the network. Modifying the address table with fake entries can cause switches to send frames to wrong nodes. An attacker can compromise the ARP table and change the MAC address so that the IP address points to his own MAC address. This type of attack is called an ARP table poisoning attack or a man-in-the-middle attack. Incorrect Answers: A: There is no hacker attack method called Reverse ARP. B: ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. D: There is no hacker attack method called Reverse ARP table poisoning.

Answer 370

Correct Answer: A Authenticity is a close relative of authentication. Authenticity is the process of ensuring that a message received is the same message that was sent and has not been tampered with or altered. Lawyers, as a real-world case in point, are fanatical about ensuring that evidence is authentic and has not been tampered with or altered in any way to ensure a fair hearing for the accused. Incorrect Answers: B: Authorization is the rights and permissions granted to an individual (or process), which enable access to a computer resource. Once a users identity and authentication are established, authorization levels determine the extent of system rights that an operator can hold. This is not what is described in the question. C: Availability ensures the reliable and timely access to data or computing resources by the appropriate personnel. In other words, availability guarantees that the systems are up and running when they are needed. In addition, this concept guarantees that the security services needed by the security practitioner are in working order. This is not what is described in the question. D: Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. This is not what is described in the question. References: http://www.yourdictionary.com/authenticity

Answer 371

Correct Answer: A Port knocking is an authentication method used by network administrators to control access to computers or other network devices behind a firewall. Port knocking takes advantage of firewall rules to allow a client who knows the "secret knock" to enter the network through a particular port by performing a sequence of connection attempts (called a knock sequence). The correct knock sequence for any given port is created for specific IP addresses by the network administrator. A small program called a daemon monitors the firewall log files for connection requests and determines whether or not a client seeking the network is on the list of approved IP addresses and has performed the correct knock sequence. If the answer is yes, it opens the associated port and allows access. Of course, if unauthorized personnel discover the knock sequence, then they, too, can gain access. Incorrect Answers: B: Port knocking is not where the user calls the server operator to have him start the service he wants to connect to. C: Port knocking is not where all the ports are open on the server and the connecting client scans the open port to which he wants to connect to see if it's open and running. D: Port knocking is not where the port sequence is encrypted with 3DES and only the server has the other key to decrypt the port sequence. References: http://whatis.techtarget.com/definition/port-knocking http://www.portknocking.org/

Answer 372

Correct Answer: A Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. Incorrect Answers: B: Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object. C: Discretionary access control (DAC) is an access control model and policy that restricts access to objects according to the identity of the subjects and the groups to which those subjects belong. D: Rule-based access control makes use of explicit rules that specify what can and cannot happen between a subject and an object. References: , 6th Edition, McGraw-Hill, 2013, pp. 220-228

Answer 373

Correct Answer: C Controls can be administrative, logical or technical, and physical. ✑ Administrative controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation history, and increased supervision. ✑ Logical or technical controls involve the restriction of access to systems and the protection of information. Examples of these types of controls are encryption, smart cards, access control lists, and transmission protocols. ✑ Physical controls incorporate guards and building security in general, such as the locking of doors, securing of server rooms or laptops, the protection of cables, the separation of duties, and the backing up of files. Incorrect Answers: A: The controls listed in this answer are all administrative controls (including a review of vacation history). B: Technical controls DO include encryption, smart cards, access lists, and transmission protocols. D: The controls listed in this answer are all administrative controls. References: , Wiley Publishing, Indianapolis, 2007, p. 47

Answer 374

Correct Answer: C The *-property ("star"-property) states that a subject in a specified security level cannot write information to a lower security level. This property is also known as the Confinement property. Incorrect Answers: A: The simple security property is only known as the simple security property. B: The *-property ("star"-property) is also known as the Confinement property, not the confidentiality property. D: The *-property ("star"-property) is also known as the Confinement property, not the tranquility property. References: http://cse.yeditepe.edu.tr/~odemir/fall2010/cse439/lecture11.pdf http://en.wikipedia.org/wiki/Biba_Model http://en.wikipedia.org/wiki/Mandatory_access_control http://en.wikipedia.org/wiki/Discretionary_access_control http://en.wikipedia.org/wiki/Clark-Wilson_model http://en.wikipedia.org/wiki/Brewer_and_Nash_model

Answer 375

Correct Answer: B With Non-Discretionary Access Control, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individuals role in the organization (role-based access control) or the subjects responsibilities and duties (task- based access control). In an organization where there are frequent personnel changes, non-discretionary access control is useful because the access controls are based on the individuals role or title within the organization. These access controls do not need to be changed whenever a new person takes over that role. Incorrect Answers: A: In RBAC, the access controls are based on the individuals role in the organization, not the societys role in the organization. C: In RBAC, the access controls are based on the individuals role in the organization, not the group-dynamics as they relate to the individual's role in the organization. D: In RBAC, the access controls are based on the individuals role in the organization, not the group-dynamics as they relate to the master-slave role in the organization. References: , Wiley Publishing, Indianapolis, 2007, p. 48

Answer 376

Correct Answer: B Controlling access to information systems and associated networks is necessary for the preservation of their confidentiality, integrity, and availability. Confidentiality assures that the information is not disclosed to unauthorized persons or processes. Integrity ensures the consistency of data. Availability assures that a systems authorized users have timely and uninterrupted access to the information in the system. The additional access control objectives are reliability and utility. Incorrect Answers: A: Consistency is not one of the defined additional access control objectives. C: Usefulness is not one of the defined additional access control objectives. D: Convenience is not one of the defined additional access control objectives. References: , Wiley Publishing, Indianapolis, 2007, p. 46

Answer 377

Correct Answer: C Role-based access control (RBAC) is a model where access to resources is determines by job role rather than by user account. Hierarchical RBAC allows the administrator to set up an organizational RBAC model that maps to the organizational structures and functional delineations required in a specific environment. This is very useful since businesses are already set up in a personnel hierarchical structure. In most cases, the higher you are in the chain of command, the more access you will most likely have. Role relation defines user membership and privilege inheritance. For example, the nurse role can access a certain amount of files, and the lab technician role can access another set of files. The doctor role inherits the permissions and access rights of these two roles and has more elevated rights already assigned to the doctor role. So hierarchical is an accumulation of rights and permissions of other roles. Reflects organizational structures and functional delineations. Incorrect Answers: A: Access control lists form the basis of access control; they determine who can access what. However, "access control lists" on its own is not a model that maps to the organizational structures and functional delineations required in a specific environment. B: Discretionary access control is a model where the subjects must have the discretion to specify what resources certain users are permitted to access. This is not a model that maps to the organizational structures and functional delineations required in a specific environment. D: Non-mandatory access control is not a defined access control model. It would imply any access model that is not mandatory access control. References: , 6th Edition, McGraw-Hill, 2013, pp. 224-226

Answer 378

Correct Answer: A The BellLaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g., "Top Secret"), down to the least sensitive (e.g., "Unclassified" or "Public"). Incorrect Answers: B: The Biba Model describes a set of access control rules designed to ensure data integrity. It is not used for enforcing access control in government and military applications. C: The Sutherland model is an information flow model. It is not used for enforcing access control in government and military applications. D: The Brewer and Nash Model deals with conflict of interest. It is not used for enforcing access control in government and military applications. References: https://en.wikipedia.org/wiki/BellLaPadula_model

Answer 379

Correct Answer: C A lattice is a mathematical construct that is built upon the notion of a group. The most common definition of the lattice model is "a structure consisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set." Two methods are commonly used for applying mandatory access control: ✑ Rule-based (or label-based) access control: This type of control further defines specific conditions for access to a requested object. A Mandatory Access Control system implements a simple form of rule-based access control to determine whether access should be granted or denied by matching: - An object's sensitivity label - A subject's sensitivity label ✑ Lattice-based access control: These can be used for complex access control decisions involving multiple objects and/or subjects. A lattice model is a mathematical structure that defines greatest lower-bound and least upper-bound values for a pair of elements, such as a subject and an object. Incorrect Answers: A: The model described in the question is a type of mandatory access control. However, the Lattice Model is specifically described in the question. B: A discretionary model is not what is described in the question. D: A rule model is not what is described in the question. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 381 https://en.wikipedia.org/wiki/Computer_access_control

Answer 380

Correct Answer: D Kerberos is based on symmetric key cryptography, not asymmetric key cryptography, which is also called public and private keys. Incorrect Answers: A: Kerberos is based on symmetric key cryptography. B: The authentication service is the part of the KDC that authenticates a principal C: Principals can be users, applications, or network services that receive security services from the KDC. References: , 6th Edition, McGraw-Hill, 2013, pp. 209-213, 782

Answer 381

Correct Answer: B Access control lists defines subjects that are authorized to access a specific object, and includes the level of authorization that subjects are granted. Incorrect Answers: A: A capability table stipulates the access rights that a specified subject has in relation to detailed objects. C: An access control matrix is a table of subjects and objects that specifies the actions individual subjects can take upon individual objects. D: A role-based matrix is not a valid answer with regards to this question. References:

Answer 382

Correct Answer: C An access control matrix is a table of subjects and objects that specifies the actions individual subjects can take upon individual objects. Incorrect Answers: A: A capacity table is not valid with regards to the context of this question. B: Access control lists define subjects that are authorized to access a specific object, and includes the level of authorization that subjects are granted. D: A capability table stipulates the access rights that a specified subject has in relation to detailed objects. References:

Answer 383

Correct Answer: B MAC systems are generally very specialized and are used to protect highly classified data. Users require the correct security clearance to access a specific classification of data. Incorrect Answers: A: Discretionary Access Control (DAC) allows data owners to dictate what subjects have access to the files and resources they own. C: An access control matrix is a table of subjects and objects indicating the actions individual subjects are allowed to take on individual objects. D: TACACS is a remote access protocol, not an access control model. References:

Answer 384

Correct Answer: A Rule-based access control makes use of explicit rules that specify what can and cannot happen between a subject and an object. Incorrect Answers: B: An access control matrix is a table of subjects and objects specifying the actions individual subjects can take upon individual objects. C: Identification is a mechanism that falls under the Technical controls banner. D: Access terminal refers to the workstation that allows access. References: , 6th Edition, McGraw-Hill, 2013, pp. 28, 227-229

Answer 385

Correct Answer: D A retinal scan is a biometric technique that uses the unique patterns on a person's retina blood vessels. The human retina is a thin tissue composed of neural cells that is located in the posterior portion of the eye. Because of the complex structure of the capillaries that supply the retina with blood, each person's retina is unique. The network of blood vessels in the retina is not entirely genetically determined and thus even identical twins do not share a similar pattern. Although retinal patterns may be altered in cases of diabetes, glaucoma or retinal degenerative disorders, the retina typically remains unchanged from birth until death. Due to its unique and unchanging nature, the retina appears to be the most precise and reliable biometric, aside from DNA. The National Center for State Courts estimate that retinal scanning has an error rate of one in ten million. A retinal scan is performed by casting an unperceived beam of low-energy infrared light into a persons eye as they look through the scanner's eyepiece. This beam of light traces a standardized path on the retina. Because retinal blood vessels absorb light more readily than the surrounding tissue, the amount of reflection varies during the scan. The pattern of variations is digitized and stored in a database. Incorrect Answers: A: A retinal scan does not measure the amount of light reaching the retina. Therefore, this answer is incorrect. B: A retinal scan does not measure the amount of light reflected by the retina. Therefore, this answer is incorrect. C: A retinal scan does not measure the pattern of light receptors at the back of the eye. Therefore, this answer is incorrect. References: https://en.wikipedia.org/wiki/Retinal_scan

Answer 386

Correct Answer: C Non-discretionary access control is when the system administrator or a single management body within an organization centrally controls access to all resources for everybody on a network. Incorrect Answers: A: Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object. B: Discretionary access control (DAC) is an access control model and policy that restricts access to objects according to the identity of the subjects and the groups to which those subjects belong. D: Rule-based access control makes use of explicit rules that specify what can and cannot happen between a subject and an object. References: , 6th Edition, McGraw-Hill, 2013, pp. 220-228

Answer 387

Correct Answer: A An identity-based access control is a type of Discretionary Access Control (DAC) that is based on an individual's identity. Incorrect Answers: B: Rule-based Access control is based on rules. C: Non-Discretionary Access Control does not allow access based on discretion. D: Lattice-based Access control is a type of label-based mandatory access control model. References: , 6th Edition, McGraw-Hill, 2013, pp. 220-228 https://en.wikipedia.org/wiki/Lattice-based_access_control

Answer 388

Correct Answer: C Non-discretionary access control is when the system administrator or a single management body within an organization centrally controls access to all resources for everybody on a network. This type of access control can be role based or rule based, as both of these prevents users from making access decisions based upon their own discretion. Incorrect Answers: A: Mandatory Access Control is based on a security label system. B: Discretionary Access control is based on identity. D: Rule Based Access Control is based on rules. References: , 6th Edition, McGraw-Hill, 2013, pp. 220-228 http://www.answers.com/Q/What_is_Non_discretionary_access_control https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Access_Control_Systems#Non_Discretionary_or_Role_Based_Access_Control

Answer 389

Correct Answer: C Organizations should have a process for (1) requesting, establishing, issuing, and closing user accounts; (2) tracking users and their respective access authorizations; and (3) managing these functions. Reviews should examine the levels of access each individual has, conformity with the concept of least privilege, whether all accounts are still active, whether management authorizations are up-to-date, whether required training has been completed, and so forth. These reviews can be conducted on at least two levels: (1) on an application-by-application basis, or (2) on a system wide basis. The strength of user passwords is beyond the scope of a simple user account management review, since it requires specific tools to try and crack the password file/database through either a dictionary or brute-force attack in order to check the strength of passwords. Incorrect Answers: A: A periodic review of user account management should determine conformity with the concept of least privilege. B: A periodic review of user account management should determine whether active accounts are still being used. D: A periodic review of user account management should determine whether management authorizations are up-to-date.

Answer 390

Correct Answer: D Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object. Incorrect Answers: A: Identity-based access control is a type of DAC system that allows or prevents access based on the identity of the subject. B: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. C: Access in a DAC model is restricted based on the authorization granted to the users. References: , 6th Edition, McGraw-Hill, 2013, pp. 220-228

Answer 391

Correct Answer: C Kerberos uses symmetric key cryptography and provides end-to-end security. Although it allows the use of passwords for authentication, it was designed specifically to eliminate the need to transmit passwords over the network. Most Kerberos implementations work with shared secret keys. Kerberos uses a credential-based mechanism as the basis for identification and authentication. Kerberos credentials are referred to as tickets. Incorrect Answers: A: Kerberos does not use public key cryptography (asymmetric); it uses symmetric key cryptography. B: Kerberos does not use X.509 certificates. X.509 certificates are used in public key cryptography. D: Kerberos was not developed by Microsoft; it was developed in the mid-1980s as part of MITs Project Athena. References: , 6th Edition, McGraw-Hill, 2013, p. 209

Answer 392

Correct Answer: C Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT. Using symmetric key cryptography, Kerberos authenticates clients to other entities on a network of which a client requires services. Because a clients password is used in the initiation of the Kerberos request for the service protocol, password guessing can be used to impersonate a client. Kerberos does not use public key cryptography (asymmetric); it uses symmetric key cryptography. Incorrect Answers: A: It is true that a client can be impersonated by password-guessing. B: It is true that Kerberos is mostly a third-party authentication protocol. D: It is true that Kerberos provides robust authentication. References: , Wiley Publishing, Indianapolis, 2007, p. 64 http://www.ietf.org/rfc/rfc4556txt

Answer 393

Correct Answer: D Secure Remote Procedure Call (S- RPC) is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems. Incorrect Answers: A: S-RPC provides authentication, not availability. B: S-RPC provides authentication, not accountability. C: S-RPC provides authentication, not integrity. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 1419

Answer 394

Correct Answer: C A smart Card that has two chips with the ability of utilizing both Contact and Contactless formats is called a combi card. Incorrect Answers: A: Contact Smart Cards are not configured for the Contactless format. B: Contactless Smart Cards are not configured for the Contact format C: The hybrid card makes use of two CPU chips for processing and includes both contact-oriented and contactless components. D: The combi-card is similar to the hybrid card, but it only uses a single CPU chip for the processing. References: , OReilly Media, 2013, Sebastopol, p. 82 http://www.smartcardalliance.org/pages/smart-cards-intro-primer

Answer 395

Correct Answer: D A system that reads a persons retina scans the blood-vessel pattern of the retina on the backside of the eyeball. This pattern has shown to be extremely unique between different people. A camera is used to project a beam inside the eye and capture the pattern and compare it to a reference file recorded previously. Acceptability in terms of biometric systems refers to considerations of privacy, invasiveness, and psychological and physical comfort when using the system. For example, a concern with retina scanning systems may be the exchange of body fluids on the eyepiece or the feeling that a retinal scan could be harmful to the eye. Another concern would be the retinal pattern that could reveal changes in a persons health, such as diabetes or high blood pressure. Incorrect Answers: A: While requiring contact with a surface shared by others, a palm scan is generally considered more acceptable than sharing a surface with other parts of the anatomy. Therefore, this answer is incorrect. B: A Hand Geometry scan is less accurate and more acceptable than a retina scan. Therefore, this answer is incorrect. C: A fingerprint scan is more acceptable to users than a retina scan. Users are much more likely to prefer placing their fingers on a fingerprint scanner than looking into a retina scanner. Therefore, this answer is incorrect. References: , Wiley Publishing, Indianapolis, 2007, p. 60 , 6th Edition, McGraw-Hill, 2013, p. 191

Answer 396

Correct Answer: D Identity management is the combination of business process and technology used to manage data on IT systems and applications about users. Managed data includes user objects, identity attributes, security entitlements and authentication factors. Enterprises manage identity data about two broad kinds of users: ✑ Insiders: including employees and contractors. They often access multiple internal systems and their identity profiles are relatively complex. ✑ Outsiders: including customers, partners and vendors. There are normally many more outsiders than insiders. One of the challenges presented by Identity management is scalability. Enterprises manage user profile data for large numbers of people. There may be tens of thousands of insiders and hundreds of thousands of outsiders. Any identity management system used in this environment must scale to support the data volumes and peak transaction rates produced by large user populations. Incorrect Answers: A: Increasing the number of points of failures is not key management challenge regarding identity management solutions. There should be no single points of failure but this would be more of a concern for the IT department than management. B: Users not being able to "recycle" their password for different applications is not a concern for management. C: A working scalable identity management system is more important to management than the cost. The resource requirement for identity management technologies is not that much when compared to the cost of other systems. References: http://hitachi-id.com/password-manager/docs/defining-enterprise-identity-management.html

Answer 397

Correct Answer: A A passphrase is a sequence of characters that is longer than a password. The user enters this phrase into an application, and the application transforms the value into a virtual password, making the passphrase the length and format that is required by the application. (For example, an application may require your virtual password to be 128 bits to be used as a key with the AES algorithm.) If a user wants to authenticate to an application, such as Pretty Good Privacy (PGP), he types in a passphrase, lets say StickWithMeKidAndYouWillWearDiamonds. The application converts this phrase into a virtual password that is used for the actual authentication. A passphrase is more secure than a password because it is longer, and thus harder to obtain by an attacker. In many cases, the user is more likely to remember a passphrase than a password. Incorrect Answers: B: The passphrase is not converted into a new passphrase by the system. C: The passphrase is not converted into a new passphrase by the encryption technology. D: The passphrase is not converted into a real password by the system which can be used forever. References: , 6th Edition, McGraw-Hill, 2013, p. 199 http://www.itl.nist.gov/fipspubs/fip112htm

Answer 398

Correct Answer: A Extensible Authentication Protocol (EAP) is defined as: A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, and arbitrary dialog sequences. The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication. Incorrect Answers: B: The definition in the question does not describe Challenge Handshake Authentication Protocol. C: The definition in the question does not describe Remote Authentication Dial-In User Service. D: The definition in the question does not describe Multilevel Authentication Protocol. References: http://www.sans.org/security-resources/glossary-of-terms/?pass=e http://searchsecurity.techtarget.com/definition/Extensible-Authentication-Protocol-EAP

Answer 399

Correct Answer: C In addition to the accuracy of the biometric systems, there are other factors that must also be considered. These factors include the enrollment time, the throughput rate, and acceptability. The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a system. Acceptable throughput rates are in the range of 10 subjects per minute. Incorrect Answers: A: 100 subjects per minute is just over half a second per user. This is way faster than is necessary. B: 25 subjects per minute is less than 3 seconds per user. This is faster than necessary as people using a biometric scanner would not use it that quickly. D: 50 subjects per minute is just over one second per user. This is faster than necessary as people using a biometric scanner would not use it that quickly. References: , Wiley Publishing, Indianapolis, 2007, p. 59

Answer 400

Correct Answer: A Of the answers given, the iris is the least likely to change over a long period of time which makes the iris pattern better suited for authentication use over a long period of time. The iris is the colored portion of the eye that surrounds the pupil. The iris has unique patterns, rifts, colors, rings, coronas, and furrows. The uniqueness of each of these characteristics within the iris is captured by a camera and compared with the information gathered during the enrollment phase. Of the biometric systems, iris scans are the most accurate. The iris remains constant through adulthood, which reduces the type of errors that can happen during the authentication process. Incorrect Answers: B: A persons voice pattern is less suited for authentication use over a long period of time because the voice pattern can change over time. C: A persons signature is less suited for authentication use over a long period of time because the signature can change over time. D: A persons retina pattern is less suited for authentication use over a long period of time because the retina pattern can change over time and can be changed by illnesses such as Diabetes. References: , 6th Edition, McGraw-Hill, 2013, p. 191

Answer 401

Correct Answer: D Single sign-on (SSO) gives the administrator the ability to streamline user accounts and better control access rights. It, therefore, improves an administrator's ability to manage users and user configurations to all associated systems. Incorrect Answers: A: A disadvantage of SSO is that insufficient software solutions accommodate all major operating system environments. A mix of solutions must, therefore, be adapted to the enterprise's IT architecture and strategic direction. B: A disadvantage of SSO is that considerable interface development and maintenance may be required, which could be costly. C: SSO could be single point of failure and total compromise of an organization asset. This means that that if an attacker uncovers a credential set, the attacker would have access to every resource within the environment that the compromised account has access to. References: , 6th Edition, McGraw-Hill, 2013, pp. 207-209

Answer 402

Correct Answer: A A lattice is a mathematical construct that is built upon the notion of a group. The most common definition of the lattice model is "a structure consisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set." Two methods are commonly used for applying mandatory access control: ✑ Rule-based (or label-based) access control: This type of control further defines specific conditions for access to a requested object. A Mandatory Access Control system implements a simple form of rule-based access control to determine whether access should be granted or denied by matching: - An object's sensitivity label - A subject's sensitivity label ✑ Lattice-based access control: These can be used for complex access control decisions involving multiple objects and/or subjects. A lattice model is a mathematical structure that defines greatest lower-bound and least upper-bound values for a pair of elements, such as a subject and an object. Incorrect Answers: B: The subjects upper bound must be equal or higher, not lower than the upper bound of the object being accessed. C: The subject must have an upper bound. D: The subject must have access rights determined by an upper bound. References: , 6th Edition, McGraw-Hill, 2013, p. 381 https://en.wikipedia.org/wiki/Computer_access_control http://en.wikipedia.org/wiki/Lattice-based_access_control

Answer 403

Correct Answer: A There are three main performance measures in biometrics. These measures are as follows: ✑ False Rejection Rate (FRR) or Type I Error. The percentage of valid subjects that are falsely rejected. ✑ False Acceptance Rate (FAR) or Type II Error. The percentage of invalid subjects that are falsely accepted. ✑ Crossover Error Rate (CER). The percent in which the False Rejection Rate equals the False Acceptance Rate. Almost all types of detection permit a systems sensitivity to be increased or decreased during an inspection process. If the systems sensitivity is increased, such as in an airport metal detector, the system becomes increasingly selective and has a higher FRR. Conversely, if the sensitivity is decreased, the FAR will increase. Thus, to have a valid measure of the system performance, the CER is used. Incorrect Answers: B: FRR is the percentage of valid subjects that are falsely rejected. It is not used to compare accuracy of biometric devices. C: FAR is the percentage of invalid subjects that are falsely accepted. It is not used to compare accuracy of biometric devices. D: FER is not used to compare accuracy of biometric devices. References: , Wiley Publishing, Indianapolis, 2007, p. 59 https://en.wikipedia.org/wiki/Biometrics

Answer 404

Correct Answer: C Passwords that are generated by a system or a password generation tool are robust passwords in that they will contain a mix of uppercase characters, lowercase characters, numbers and non-alphanumeric characters. One of the benefits of system-generated passwords is that they are LESS (not more) vulnerable to brute force and dictionary attacks. Incorrect Answers: A: It is true that system-generated passwords are harder to remember for users. This is due to the complexity of the password. B: It is true that if the password-generating algorithm gets to be known, the entire system is in jeopardy. This is because it would be possible to crack the passwords by using the algorithm used to create the passwords. D: It is true that system-generated passwords are harder to guess for attackers. This is due to the complexity of the password.

Answer 405

Correct Answer: C Biometrics are based on the Type 3 authentication mechanism something you are. Biometrics are defined as an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics. The most critical characteristic of a biometric identifying system (or any other identification and authentication system) is the accuracy of the system. The system needs to ensure that the identification of the person is correct. Incorrect Answers: A: The perceived intrusiveness of a biometric system is an important consideration. Users will not be happy to use a system which is perceived to be too intrusive. However, this is not as critical as the accuracy of the system. B: The storage requirement of a biometric system is not an important consideration. Storage is cheap nowadays and biometric data does not require much storage space. D: The scalability of a biometric system could be an important consideration if the company intends to expand in the future although most biometric systems are easily scalable. However, this is not as critical as the accuracy of the system. References: , Wiley Publishing, Indianapolis, 2007, p. 58

Answer 406

Correct Answer: B A Type II Error occurs when the system accepts impostors who should be rejected. This type of error is the most dangerous type, and therefore the most important to avoid. Incorrect Answers: A: A Type I Error is when a biometric system rejects an authorized individual. It is not as dangerous as a Type II Error, and therefore not the most important to avoid. C: Combined Error Rate is not a valid type of biometric error. D: The crossover error rate (CER) is a percentage that signifies the point at which the false rejection rate equals the false acceptance rate. It is the most important measurement when determining the systems accuracy. References: , 6th Edition, McGraw-Hill, 2013, p. 188

Answer 407

Correct Answer: D Masquerading is the term used when one user pretends to be another user. Strong authentication is the best defense against this. Authentication is based on the following three factor types: ✑ Type 1. Something you know, such as a PIN or password ✑ Type 2. Something you have, such as an ATM card or smart card ✑ Type 3. Something you are (physically), such as a fingerprint or retina scan Biometrics verifies an individuals identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification. A biometric authentication such as a fingerprint cannot be imitated which makes biometrics the best defense against masquerading attacks. Incorrect Answers: A: A user Id and password can be guessed by an attacker. This is not the best identification and authentication method to prevent local masquerading attacks. B: A smart card can be stolen and the PIN guessed by an attacker. This is not the best identification and authentication method to prevent local masquerading attacks. C: Two-factor authentication is more secure than other methods but still less secure than biometrics. Two-factor authentication could comprise of "something you have" and "something you know". The "something you have" such as a smart card could be stolen by an attacker and the "something you know" such as a PIN could be guessed. This is not the best identification and authentication method to prevent local masquerading attacks. References: , Wiley Publishing, Indianapolis, 2007, p. 57 , 6th Edition, McGraw-Hill, 2013, p. 187

Answer 408

Correct Answer: B Cognitive passwords refer to fact-based or opinion-based information used to verify the identity of an individual. The cognitive password enrollment process requires the answering of some questions based on the users life experiences. Incorrect Answers: A: Passwords that can be used only once are known as one-time passwords (OTPs). C: Password generators that use a challenge response scheme are known as asynchronous token devices. D: A passphrase is a sequence of characters that is longer than a password. References: , 6th Edition, McGraw-Hill, 2013, pp. 195-199

Answer 409

Correct Answer: C Legacy single sign on (SSO) is a mechanism where users can authenticate themselves once, and then a central repository of their credentials is used to launch various legacy applications. An SSO solution may provide a bottleneck or single point of failure. If the SSO server goes down, users are unable to access network resources. This is why its a good idea to have some type of redundancy or fail-over technology in place. Incorrect Answers: A: Legacy single sign on (SSO) enables users to sign on once; they do not have to sign on to every application. B: Legacy single sign on (SSO) is not technology to manage passwords consistently across multiple platforms, enforcing policies such as password change intervals. This can be done with password synchronization. D: Legacy single sign on (SSO) is not another way of referring to SESAME and KryptoKnight. References: , 6th Edition, McGraw-Hill, 2013, p. 177

Answer 410

Correct Answer: B Synchronous dynamic tokens make use of time or counters to synchronize a displayed token code with the code expected by the authentication server. Hence, the codes are synchronized. Incorrect Answers: A: Static passwords are reusable passwords that may or may not expire, and are normally user generated. C: Asynchronous dynamic tokens are not synchronized with a central server. D: Challenge-response tokens are asynchronous dynamic password tokens. References: , 2nd Edition, Syngress, Waltham, 2012, pp. 30-36

Answer 411

Correct Answer: D Type 2 authentication is based on something you have, like a token. Biometrics for part of Type 3 authentication, which is based on something you are. Something you are refers to an individuals physical traits. Incorrect Answers: A, B, C: These options are all TRUE with regards to biometrics. References: , 2nd Edition, Syngress, Waltham, 2012, pp. 35-37 , 6th Edition, McGraw-Hill, 2013, pp. 187-189

Answer 412

Correct Answer: B Identification and authentication are the keystones of most access control systems. Identification is the act of a user professing an identity to a system, usually in the form of a log-on ID to the system. Identification establishes user accountability for the actions on the system. Authentication is verification that the users claimed identity is valid and is usually implemented through a user password at log-on time. To ensure accountability, the user must prove that they are who they say they are. This is the function of authentication. Therefore, authentication best ensures accountability of users for the actions taken within a system or domain. Incorrect Answers: A: Identification is the user saying who they are. However, to ensure accountability, you need authentication to prove that they are who they say they are. C: Authorization is the rights and permissions granted to an individual which enable access to a computer resource. This does not ensure accountability because it does not ensure that the user accessing the system is who they say they are. D: Credentials are the users username and password combination. However, authentication is the process of validating the credentials. Credentials alone (without validation/authentication) do not ensure that the user accessing the system is who they say they are. References: , Wiley Publishing, Indianapolis, 2007, p. 57

Answer 413

Correct Answer: B Single Sign-On (SSO) allows a user to enter credentials once to gain access to all resources in primary and secondary network domains. Thereby, minimizing the amount of time users spend authenticating to resources and enabling the administrator to streamline user accounts and better control access rights. Furthermore, security is improved by reducing the likelihood that users will record passwords and also lessens the administrators time spent on adding and removing user accounts and modifying access permissions. Because SSO requires a user to remember only one password, a but one of the goals is that if a user only has to remember one password, a more complicated and secure password policy can be enforced. Incorrect Answers: A: Smart cards are used for authentication purposes in access control. Although it can provide extra protection in an SSO environment, it does not provide the ability to use stronger passwords, easier password administration, one set of credential, and faster resource access. C: Symmetric Ciphers are used for encryption and decryption. It does not provide the ability to use stronger passwords, easier password administration, one set of credential, and faster resource access. D: Public Key Infrastructure allows for people who are widely dispersed to communicate securely and predictably. References: , 6th Edition, McGraw-Hill, 2013, pp. 200, 207, 208, 833 https://en.wikipedia.org/wiki/Symmetric-key_algorithm#Cryptographic_primitives_based_on_symmetric_ciphers

Answer 414

Correct Answer: A Single Sign-On (SSO) addresses the cumbersome situation of logging on multiple times to access different resources. In SSO, a user provides one ID and password per work session and is automatically logged-on to all the required applications. SSO can be implemented by using scripts that replay the users multiple log-ins, or by using authentication servers to verify a users identity and encrypted authentication tickets to permit access to system services. Incorrect Answers: B: Dynamic Sign-On is not the correct term to describe an authentication system that can be implemented through scripts or smart agents that replay the users multiple log-ins against authentication servers to verify a user's identity which permit access to system services. C: Smart cards provide static or dynamic passwords or certificates to authenticate a user. The authentication happens every time the smart card is presented and the login. This is not what is described in the question. D: Kerberos can be used to implement Single-Sign on. However, "single sign-on" is the term described in the question. References: , Wiley Publishing, Indianapolis, 2007, p. 40

Answer 415

Correct Answer: A A Static password token is a device that contains a password which is physically hidden, but which is transmitted for each authentication. The token authenticates the identity of the owner to the information system. Incorrect Answers: B: Static password tokens will authenticate the identity of the owner to the information system. C: Static password tokens do not allow the owner to authenticate himself to the system. It authenticates the identity of the owner to the information system. D: Static password tokens authenticate the identity of the owner to the information system, not the system. References: https://en.wikipedia.org/wiki/Security_token http://www.informit.com/guides/content.aspx?g=security&seqNum=146

Answer 416

Correct Answer: B A biometric system executes a one-to-many comparison against a biometric database in attempt to establish the identity of an unknown user in identification mode. If the comparison of the biometric sample to a template in the database falls within a threshold previously set, identifying the individual will succeed. Incorrect Answers: A: In authentication mode, the biometric system performs a one-to-one comparison of a captured biometric with a specific template stored in a biometric database in order to confirm the individual is the person they claim to be. C: Identities refer to who users are, not a mode used in biometrics. D: An identity-based access control is a type of Discretionary Access Control (DAC) that is based on an individual's identity. References: https://en.wikipedia.org/wiki/Biometrics , 6th Edition, McGraw-Hill, 2013, p. 220

Answer 417

Correct Answer: C Biometrics is used for identification in physical controls and for authentication in logical controls. Physical controls are items put into place to protect facility, personnel, and resources. As a physical control, biometrics provides protection by identifying a person to see if that person is authorized to access a facility. When a user is identified and granted physical access to a facility, biometrics can be used for authentication in logical controls to provide access to resources. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as "soft controls" because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Biometrics is used in logical controls. B: Biometrics is used for identification in physical controls and for authentication in logical controls, not the other way round. Biometrics is used first as a physical control to identify a person to grant access to a facility, and then as a logical control to authenticate the user to provide access to resources. D: Biometrics does have a role in logical controls. References: , 6th Edition, McGraw-Hill, 2013, p. 28 , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 418

Correct Answer: A A passphrase is a sequence of characters that is longer than a password and, in some cases, takes the place of a password during an authentication process. Passphrases are long static passwords, which is made up of words in a phrase or sentence. Incorrect Answers: B: A sequence of characters that is usually longer than the allotted number for a password is called a passphrase, not a cognitive phrase. C: A sequence of characters that is usually longer than the allotted number for a password is called a passphrase, not an anticipated phrase. D: A sequence of characters that is usually longer than the allotted number for a password is called a passphrase, not a real phrase. References: , 6th Edition, McGraw-Hill, 2013, p. 199 , 2nd Edition, Syngress, Waltham, 2012, p. 30

Answer 419

``` Correct Answer: C Callback is when the host system disconnects the caller and then dials the authorized telephone number of the remote terminal in order to reestablish the connection. Incorrect Answers: References: , 6th Edition, McGraw-Hill, 2013, p. G-3 ```

Answer 420

Correct Answer: D A smart card, which includes the ability to process data stored on it, is also able to deliver a two-factor authentication method as the user may have to enter a PIN to unlock the smart card. The authentication can be completed by using an OTP, by utilizing a challenge/response value, or by presenting the users private key if it is used within a PKI environment. The fact that the memory of a smart card is not readable until the correct PIN is entered, as well as the complexity of the smart token makes these cards resistant to reverse-engineering and tampering methods. Incorrect Answers: A: Transparent renewal of user keys is not the primary role of smartcards in a PKI. B: Easy distribution of the certificates between the users is not the primary role of smartcards in a PKI. C: Fast hardware encryption of the raw data is not the primary role of smartcards in a PKI. References: , 6th Edition, McGraw-Hill, 2013, pp. 200, 201 http://en.wikipedia.org/wiki/Tamper_resistance

Answer 421

Correct Answer: A In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. Incorrect Answers: B: In computer security, an authorization certificate (also known as an attribute certificate) is a digital document that describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use. C: A root certificate is an unsigned or a self-signed public key certificate that identifies the Root Certificate Authority (CA). D: Code signing digitally signs executables and scripts to verify the software author and guarantee that the code has not been changed or tainted since it was signed by use of a cryptographic hash. References: http://en.wikipedia.org/wiki/Attribute_certificate http://en.wikipedia.org/wiki/Public_key_certificate https://en.wikipedia.org/wiki/Root_certificate https://en.wikipedia.org/wiki/Code_signing

Answer 422

Correct Answer: C Kerberos is a third-party authentication service that can be used to support SSO. Incorrect Answers: A: Non-repudiation provides assurance that a specific user performed a specific transaction that did not change. It is not, however, the primary service provided by Kerberos. B: Confidentiality strives to prevent unauthorized read access to data. It is not, however, the primary service provided by Kerberos. D: Authorization refers to the actions you are allowed to carry out on a system after identification and authentication has taken place. It is not, however, the primary service provided by Kerberos. References: , 2nd Edition, Syngress, Waltham, 2012, pp. 12, 14, 15, 43

Answer 423

Correct Answer: A In Kerberos implementations where the use of an authenticator is configured, the user sends their identification information and a timestamp and sequence number encrypted with the shared session key to the requested service, which then decrypts this information and compares it with the identification data the KDC sent to it about this requesting user. If the data matches, the user is allowed access to the requested service. Incorrect Answers: B: A requested service is provided to the client after validating a users identification information and a timestamp and encrypted sequence number, not a client public key. C: A requested service is provided to the client after validating a users identification information and a timestamp and encrypted sequence number, not a client private key. D: A requested service is provided to the client after validating a users identification information and a timestamp and encrypted sequence number, not a server public key. References: , 6th Edition, McGraw-Hill, 2013, pp. 209-213

Answer 424

Correct Answer: A Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT. In Greek mythology, Kerberos is a three-headed dog that guards the entrance to the Underworld. Using symmetric key cryptography, Kerberos authenticates clients to other entities on a network of which a client requires services. Kerberos addresses the confidentiality and integrity of information. It does not directly address availability and attacks such as frequency analysis. Incorrect Answers: B: Kerberos an authentication protocol. However, it does not address availability. C: Kerberos does address integrity but it does not address validation. D: Kerberos does address integrity but it does not address auditability. References: , Wiley Publishing, Indianapolis, 2007, p. 78

Answer 425

Correct Answer: C Kerberos addresses the confidentiality and integrity of information. It does not directly address availability and attacks such as frequency analysis. Furthermore, because all the secret keys are held and authentication is performed on the Kerberos TGS and the authentication servers, these servers are vulnerable to both physical attacks and attacks from malicious code. Replay can be accomplished on Kerberos if the compromised tickets are used within an allotted time window. Because a clients password is used in the initiation of the Kerberos request for the service protocol, password guessing can be used to impersonate a client. Incorrect Answers: A: Kerberos does not use a private key like an asymmetric key cryptography system does. It uses symmetric key cryptography (shared key). B: Kerberos does not use a public key like an asymmetric key cryptography system does. It uses symmetric key cryptography (shared key). D: KSD being compromised is not a vulnerability of Kerberos. References: , Wiley Publishing, Indianapolis, 2007, p. 78

Answer 426

Correct Answer: B Just like Kerberos, SESAME depends on the initial user authentication. For that reason, SESAME has the same weakness to attacks on the users password as Kerberos does. Incorrect Answers: A: SESAME is not susceptible to timeslot replay attacks. C: Symmetric key guessing is not a weakness of Kerberos. D: Asymmetric key guessing is not a weakness of Kerberos. References: , OReilly Media, 2013, Sebastopol, p. 101 , 2nd Edition, Syngress, Waltham, 2012, p. 46

Answer 427

Correct Answer: D A central authentication service for dial-up users is the standard Remote Authentication and Dial-In User Service (RADIUS). RADIUS incorporates an authentication server and dynamic passwords. The RADIUS protocol is an open lightweight, UDP-based protocol that can be modified to work with a variety of security systems. It provides authentication, authorization and accounting services to routers, modem servers, and wireless applications. RADIUS is described in RFC 2865. Incorrect Answers: A: RADIUS does not incorporate PIN codes. B: Authentication of clients is provided by the authentication server which is incorporated into RADIUS. RADIUS does not incorporate static passwords generation. C: Authentication of clients is provided by the authentication server which is incorporated into RADIUS. RADIUS does not incorporate dynamic passwords generation. References: , Wiley Publishing, Indianapolis, 2009, p. 124

Answer 428

Correct Answer: C Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished through access control mechanisms that require identification and authentication and through the audit function. These controls must be in accordance with and accurately represent the organizations security policy. Assurance procedures ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system. Incorrect Answers: A: Controls are administrative, logical/technical or physical. Accountability controls are not a defined control type and do not ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system. B: Mandatory access controls are an access control type. They do not ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system. D: Administrative controls are a group of controls that include policies and procedures. However, assurance procedures are the specific name for the set of procedures that ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system. References: , Wiley Publishing, Indianapolis, 2007, p. 47

Answer 429

Correct Answer: C Smart cards are an example of a Preventive/Technical control. Incorrect Answers: A: Detective controls include Motion detectors, Closed-circuit TVs, Monitoring and Supervising, Job rotation, Investigations, Audit logs, and IDS. B: Administrative controls include Security policy, Monitoring and Supervising, Separation of duties, Job rotation, Information Classification, Personnel Procedures, Testing, and Security-awareness training. D: Physical controls include Fences, Locks, Badge system, Security guard, Biometric system, Mantrap doors, Lighting, Motion detectors, and Closed-circuit TVs. References: , 6th Edition, McGraw-Hill, 2013, pp. 32, 33

Answer 430

Correct Answer: C TACACS has been through three generations: TACACS, Extended TACACS (XTACACS), and TACACS+. TACACS combines its authentication and authorization processes; XTACACS separates authentication, authorization, and auditing processes; and TACACS+ is XTACACS with extended two-factor user authentication. TACACS uses fixed passwords for authentication, while TACACS+ allows users to employ dynamic (one-time) passwords, which provides more protection. The original TACACS was developed during the days of ARPANET which is the basis for the Internet. TACACS uses UDP as its communication protocol. TACACS+ uses TCP as its communication protocol. Incorrect Answers: A: TACACS uses UDP as its communication protocol, not TCP. B: TACACS uses UDP as its communication protocol, not SSL. D: TACACS uses UDP as its communication protocol, not SSH. References: , 6th Edition, McGraw-Hill, 2013, p. 234 , Syngress, Rockland, 2003, p. 450 http://en.wikipedia.org/wiki/TACACS

Answer 431

Correct Answer: B As client computers used to have built-in modems to allow for Internet connectivity, organizations commonly had a pool of modems to allow for remote access into and out of their networks. In some cases the modems were installed on individual servers here and there throughout the network or they were centrally located and managed. Most companies did not properly enforce access control through these modem connections, and they served as easy entry points for attackers. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall can best eliminate dial-up access through a Remote Access Server as a hacking vector. This solution would mean that even if an attacker gained access to the Remote Access Server, the firewall would provide another layer of protection. Incorrect Answers: A: Using a TACACS+ server does provide a good remote access authentication and authorization solution. However, to best eliminate dial-up access through a Remote Access Server as a hacking vector, you should place the remote access server outside the firewall. C: Setting modem ring count to at least 5 may deter wardialers but it does not eliminate dial-up access through a Remote Access Server as a hacking vector. D: Only attaching modems to non-networked hosts do not eliminate dial-up access through a Remote Access Server as a hacking vector. Besides being impractical, the non-network hosts would be vulnerable to attack. References: , 6th Edition, McGraw-Hill, 2013, p. 695

Answer 432

Correct Answer: B There are three major types of authentication available: static, robust, and continuous. Static authentication includes passwords and other techniques that can be compromised through replay attacks. They are often called reusable passwords. Robust authentication involves the use of cryptography or other techniques to create one-time passwords that are used to create sessions. These can be compromised by session hijacking. Continuous authentication prevents session hijacking. Continuous Authentication provides protection against impostors who can see, alter, and insert information passed between the claimant and verifier even after the claimant/verifier authentication is complete. These are typically referred to as active attacks, since they assume that the imposter can actively influence the connection between claimant and verifier. One way to provide this form of authentication is to apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier. There are other combinations of cryptography that can provide this form of authentication but current strategies rely on applying some type of cryptography to every bit of data sent. Otherwise, any unprotected bit would be suspect. Incorrect Answers: A: Static authentication only provides protection against attacks in which an imposter cannot see, insert or alter the information passed between the claimant and the verifier during an authentication exchange and subsequent session. Static authentication does not protect against hijacking. C: Robust Authentication relies on dynamic authentication data that changes with each authenticated session between a claimant and verifier. Robust or dynamic authentication does not protect against hijacking. D: Strong authentication is not a specific authentication type; it is another term for multi-factor authentication. References: http://www.windowsecurity.com/whitepapers/policy_and_standards/Internet_Security_Policy/Internet_Security_Policy__Sample_Policy_Areas.html

Answer 433

Correct Answer: A Traffic padding is a countermeasure to traffic analysis. Even if perfect cryptographic routines are used, the attacker can gain knowledge of the amount of traffic that was generated. The attacker might not know what Alice and Bob were talking about, but can know that they were talking and how much they talked. In certain circumstances this can be very bad. Consider for example when a military is organizing a secret attack against another nation: it may suffice to alert the other nation for them to know merely that there is a lot of secret activity going on. Padding messages is a way to make it harder to do traffic analysis. Normally, a number of random bits are appended to the end of the message with an indication at the end how much this random data is. The randomness should have a minimum value of 0, a maximum number of N and an even distribution between the two extremes. Note, that increasing 0 does not help, only increasing N helps, though that also means that a lower percentage of the channel will be used to transmit real data. Also note, that since the cryptographic routine is assumed to be uncrackable (otherwise the padding length itself is crackable), it does not help to put the padding anywhere else, e.g. at the beginning, in the middle, or in a sporadic manner. Incorrect Answers: B: Scanning and probing is a technique used in Penetration Testing. Various scanners, like a port scanner, can reveal information about a networks infrastructure and enable an intruder to access the networks unsecured ports. C: War dialing is a technique used in Penetration Testing. War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers to hack in to. D: Sniffing (packet sniffing) is a technique used in Penetration Testing. Packet sniffing is the process of intercepting data as it is transmitted over a network. References: , John Wiley & Sons, New York, 2001, pp. 233, 238. https://secure.wikimedia.org/wikipedia/en/wiki/Padding_%28cryptography%29#Traffic_analysis

Answer 434

Correct Answer: D Ethical hackers should use tools that have the potential of affecting servers or services to provide a valid security test. These are the tools that a malicious hacker would use. The first step before sending even one single packet to the target would be to have a signed agreement with clear rules of engagement and a signed contract. The signed contract explains to the client the associated risks and the client must agree to them before you even send one packet to the target range. This way the client understands that some of the tests could lead to interruption of service or even crash a server. The client signs that he is aware of such risks and willing to accept them. Incorrect Answers: A: An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services. An ethical hacking firm's independence can be questioned if they sell security solutions at the same time as doing testing for the same client. B: Testing should be done remotely to simulate external threats. Testing simulating a cracker from the Internet is often one of the first tests being done. This is to validate perimeter security. By performing tests remotely, the ethical hacking firm emulates the hacker's approach more realistically. C: Ethical hacking should not involve writing to or modifying the target systems negatively. Proving the ability to write to or modify the target systems (without causing harm) is enough to demonstrate the existence of a vulnerability. References: , John Wiley & Sons, New York, 2001, p. 520

Answer 435

Correct Answer: B Pivoting is a method that makes use of the compromised system to attack other systems on the same network to avoid restrictions that might prohibit direct access to all machines. Incorrect Answers: A: Black box testing examines the functionality of an application without peering into its internal structures or workings. C: With white box testing, the testers are provided with complete knowledge of the infrastructure being tested. D: With gray-box pen testing, the tester is provided with partial knowledge of the infrastructure being tested. References: https://en.wikipedia.org/wiki/Exploit_(computer_security)#Pivoting https://en.wikipedia.org/wiki/Black-box_testing http://www.redsphereglobal.com/content/penetration-testing

Answer 436

Correct Answer: B You should perform stress tests in a test environment. It is best to use live workload data as the stress test would be more realistic. Stress testing (sometimes called torture testing) is a form of deliberately intense or thorough testing used to determine the stability of a given system or entity. It involves testing beyond normal operational capacity, often to a breaking point, in order to observe the results. Incorrect Answers: A: It would be better to use live workload data. C: You should not perform stress tests in the product environment. D: You should not perform stress tests in the product environment. References: https://en.wikipedia.org/wiki/Stress_testing

Answer 437

Correct Answer: C Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information. The computer system must contain hardware/software mechanisms that can be independently evaluated to provide sufficient assurance that the system enforces the requirements. By extension, assurance must include a guarantee that the trusted portion of the system works only as intended. To accomplish these objectives, two types of assurance are needed with their respective elements: Operational Assurance: System Architecture, System Integrity, Covert Channel Analysis, Trusted Facility Management and Trusted Recovery Life-cycle Assurance: Security Testing, Design Specification and Verification, Configuration Management and Trusted System Distribution Incorrect Answers: A: System Architecture is not required for Life-Cycle Assurance. System Architecture is part of Operational Assurance. B: Covert Channel Analysis is not required for Life-Cycle Assurance. Covert Channel Analysis is part of Operational Assurance. D: Trusted Facility Management is not required for Life-Cycle Assurance. Trusted Facility Management is part of Operational Assurance. References: https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria

Answer 438

Correct Answer: B Various operating system software products provide parameters and options for the tailoring of the system and activation of features such as activity logging. Parameters are important in determining how a system runs because they allow a standard piece of software to be customized to diverse environments. The reviewing of software control features and/or parameters is the most effective means of determining how controls are functioning within an operating system and of assessing and operating system's integrity. The review of software control features and/or parameters would be part of your security audit. A security audit is typically performed by an independent third party to the management of the system. The audit determines the degree with which the required controls are implemented. A security review is conducted by the system maintenance or security personnel to discover vulnerabilities within the system. A vulnerability occurs when policies are not followed, misconfigurations are present, or flaws exist in the hardware or software of the system. System reviews are sometimes referred to as a vulnerability assessment. Incorrect Answers: A: An interview with the computer operator is not an effective means of determining that controls are functioning properly within an operating system because the computer operator will not necessarily be aware of the detailed settings of the parameters. C: The operating system manual should provide information as to what settings can be used but will not give any hint as to how parameters are actually set. D: An interview with the product vendor is not an effective means of determining that controls are functioning properly within an operating system because the product vendor will not be aware of the detailed settings of the parameters.

Answer 439

Correct Answer: B You should always separate test and development environments. When testing a system, you need to isolate the system to ensure the test system is controlled and stable. This will ensure the system is tested in a realistic environment that mirrors the live environment as closely as possible. Access control methods can be used to easily separate the test and development environments. Incorrect Answers: A: Restricting access to systems under test is not the best reason for separating the test and development environments. Preventing instability in a development environment from affecting the test environment is a better answer. C: Segregate user and development staff is not the best reason for separating the test and development environments. D: Securing access to systems under development is not the best reason for separating the test and development environments. Securing access to systems under development would not be achieved by separating the test and development environments.

Answer 440

Correct Answer: B Verification is the process of determining whether the product accurately represents and meets the design specifications given to the developers. Incorrect Answers: A: Validation is the process of determining whether the product provides the necessary solution for the real-world problem that is was created to solve. C: Assessments are performed to determine the potential risks to a system. It does not test a systems compliance with design specifications and security requirements. D: Accuracy is related to the integrity of information and systems. The integrity of information and systems requires that the information and systems remain accurate and reliable. This is ensured by preventing any unauthorized modification to the information or systems. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 23-24, 74-74, 1106 https://en.wikipedia.org/wiki/Verification_and_validation

Answer 441

Correct Answer: C To run a source comparison does not prevent any specific action from occurring. Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. Controls help to reduce the risk of damage or loss by stopping, deterring, or slowing down an attack against an asset. To help review or design security controls, they can be classified by several criteria, for example according to the time that they act, relative to a security incident: ✑ Before the event, preventive controls are intended to prevent an incident from occurring e.g. by locking out unauthorized intruders; During the event, detective controls are intended to identify and characterize an incident in progress e.g. by sounding the intruder alarm and alerting the security guards or police; ✑ After the event, corrective controls are intended to limit the extent of any damage caused by the incident e.g. by recovering the organization to normal working status as efficiently as possible. Incorrect Answers: A: Denying a programmer access to production data is an example of preventive control as it prevents the programmer from accessing the data. B: To make a change request to include extra information would prevent unauthorized changes from being made. D: By establishing procedure for emergency changes unauthorized changes could be prevented. References: https://en.wikipedia.org/wiki/Security_controls

Answer 442

Correct Answer: A An Intrusion Detection System (IDS) typically follows a two-step process. First procedures include inspection of the configuration files of a system to detect inadvisable settings; inspection of the password files to detect inadvisable passwords; and inspection of other system areas to detect policy violations. In a second step, procedures are network-based and considered an active component; mechanisms are set in place to reenact known methods of attack and to record system responses. Incorrect Answers: B: A network-based vulnerability assessment is referred to as an active vulnerability assessment, not a routing vulnerability assessment. C: A network-based vulnerability assessment is referred to as an active vulnerability assessment, not a host-based vulnerability assessment. D: A network-based vulnerability assessment is referred to as an active vulnerability assessment, not a passive vulnerability assessment.

Answer 443

Correct Answer: C Formal approval of BCP scope is not part of the vulnerability assessment. A vulnerability assessment identifies a wide range of vulnerabilities in the environment. Vulnerability assessments just find the vulnerabilities (the holes). A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Incorrect Answers: A: Quantifying losses is part of the vulnerability assessment. B: Prioritizing (qualifying) losses is part of the vulnerability assessment. D: Identifying critical vulnerabilities is part of the vulnerability assessment. References: https://en.wikipedia.org/wiki/Vulnerability_assessment

Answer 444

Correct Answer: C Poor password selection is frequently a major security problem for any system's security. Administrators should obtain and use password-guessing programs frequently to identify those users having easily guessed passwords. Because password-cracking programs are very CPU intensive and can slow the system on which it is running, it is a good idea to transfer the encrypted passwords to a standalone (not networked) workstation. Also, by doing the work on a non-networked machine, any results found will not be accessible by anyone unless they have physical access to that system. Out of the four choice presented above this is the best choice. However, in real life you would have strong password policies that enforce complexity requirements and does not let the user choose a simple or short password that can be easily cracked or guessed. That would be the best choice if it was one of the choices presented. Another issue with password cracking is one of privacy. Many password cracking tools can avoid this by only showing the password was cracked and not showing what the password actually is. It is masking the password being used from the person doing the cracking. Incorrect Answers: A: The password cracking program should not be on a networked computer. This is a security risk as someone could access the computer over the network. Furthermore, you should not run the password cracking program on the live password database. B: The password cracking program should not be on a networked computer. This is a security risk as someone could access the computer over the network. D: Whether or not a password-cracking program is unethical depends on why you are cracking the passwords. Cracking passwords as a test of password strength is a valid security test.

Answer 445

Correct Answer: C The function of the auditor is to come around periodically and make sure you are doing what you are supposed to be doing. They ensure the correct controls are in place and are being maintained securely. The goal of the auditor is to make sure the organization complies with its own policies and the applicable laws and regulations. Organizations can have internal auditors and/or external auditors. The external auditors commonly work on behalf of a regulatory body to make sure compliance is being met. CobiT is a model that most information security auditors follow when evaluating a security program. The Control Objectives for Information and related Technology (CobiT) is a framework and set of control objectives developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs. Incorrect Answers: A: A local security specialist could be hired to measure the effectiveness of Information System security related controls in an organization. However, in doing so, the local security specialist would be performing the role of systems auditor. B: The business manager does not measure the effectiveness of Information System security related controls in an organization. D: The central security manager could measure the effectiveness of Information System security related controls in an organization. However, in doing so, central security manager would be performing the role of systems auditor. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 55, 125

Answer 446

Correct Answer: B Computers and the information processed on them usually have a direct relationship with a companys critical missions and objectives. Because of this level of importance, senior management should make protecting these items a high priority and provide the necessary support, funds, time, and resources to ensure that systems, networks, and information are protected in the most logical and cost-effective manner possible. For a companys security plan to be successful, it must start at the top level and be useful and functional at every single level within the organization. Senior management needs to define the scope of security and identify and decide what must be protected and to what extent. Incorrect Answers: A: IS security specialists may be the ones who implement the security measures; however, they do not bear the primary responsibility for determining the level of protection needed for information systems resources. C: Senior security analysts may be the ones who determine how to implement the security measures; however, they do not bear the primary responsibility for determining the level of protection needed for information systems resources. D: Systems Auditors ensure the appropriate security controls are in place. However, they do not bear the primary responsibility for determining the level of protection needed for information systems resources. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 101

Answer 447

Correct Answer: B The thorough and stringent - testing increases in detailed-oriented tasks as the assurance levels increase. The Common Criteria has seven assurance levels. The range is from EAL1, where functionality testing takes place, to EAL7, where thorough testing is performed and the system design is verified. The different EAL packages are listed next: ✑ EAL1 Functionally tested ✑ EAL2 Structurally tested ✑ EAL3 Methodically tested and checked ✑ EAL4 Methodically designed, tested, and reviewed ✑ EAL5 Semi-formally designed and tested ✑ EAL6 Semi-formally verified design and tested ✑ EAL7 Formally verified design and tested Incorrect Answers: A: EAL3 is methodically tested and checked, not methodically designed, tested, and reviewed. C: EAL5 is semi-formally designed and tested, not methodically designed, tested, and reviewed. D: EAL6 is semi-formally verified design and tested, not methodically designed, tested, and reviewed. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 402

Answer 448

Correct Answer: C Threat analysis is defined as the examination of threat-sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment. Incorrect Answers: A: Risk management is defined the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. B: Risk analysis is defined as a method of identifying risks and assessing the possible damage that could be caused in order to justify security safeguards. D: Due diligence is the act of gathering the necessary information so the best decision-making activities can take place.

Answer 449

Correct Answer: D Identification and authentication controls ensure standard security practices are adhered to. These include maintaining a list of authorized users and their access, password expiration and disabling inactive user accounts. Incident reporting is not related to identification or authentication. Therefore, the question: "Is there a process for reporting incidents?" will not help in assessing identification and authentication controls. Incorrect Answers: A: Identification and authentication controls should include a maintained and approved list of authorized users and their access. Asking about this will help in assessing identification and authentication controls. B: Identification and authentication controls should include a password expiration policy to ensure passwords are changed on a regular basis. Asking about this will help in assessing identification and authentication controls. C: Identification and authentication controls should include inactive accounts being disabled. Asking about this will help in assessing identification and authentication controls.

Answer 450

Correct Answer: B which are management, technical, and operational. You need to be familiar with both ways of categorizing control types. According to the NIST control categories, Auditing is in the Audit and Accountability Technical control group. Operational controls are controls over the hardware, the media used and the operators using these resources. Backup and recovery, contingency planning and operations procedures are operational controls. Incorrect Answers: A: Backup and recovery are listed under the Contingency Planning (CP) operational control group. C: Contingency planning is a NIST operational control group. D: Operations procedures are an example of an operational control. References: , 6th Edition, McGraw-Hill, 2013, p. 58 http://infohost.nmt.edu/~sfs/Regs/sp800-53.pdf )

Answer 451

Correct Answer: D Backup data restore is a Recovery/Technical control. Incorrect Answers: A, B, C: Detective controls include Motion detectors, Closed-circuit TVs, Monitoring and Supervising, Job rotation, Investigations, Audit logs, and IDS. References: , 6th Edition, McGraw-Hill, 2013, pp. 32, 33

Answer 452

Correct Answer: A Due care is performing the ongoing maintenance necessary to keep something in proper working order, or to abide by what is commonly expected in a situation. This is especially important if the due care situation exists because of a contract, regulation, or law. The opposite of due care is "negligence." EXAM TIP: The Due Diligence refers to the steps taken to identify risks that exist within the environment. This is based on best practices, standards such as ISO 27001, ISO 17799, and other consensus. The first letter of the word Due and the word Diligence should remind you of this. The two letters are DD = Do Detect. In the case of due care, it is the actions that you have taken (implementing, designing, enforcing, updating) to reduce the risks identified and keep them at an acceptable level. The same apply here, the first letters of the work Due and the work Care are DC. Which should remind you that DC = Do correct. Incorrect Answers: B: Due concern is not a valid answer. Due Care is what is described in the question. C: Due diligence is performing reasonable examination and research before committing to a course of action. Basically, "look before you leap." In law, you would perform due diligence by researching the terms of a contract before signing it. The opposite of due diligence might be "haphazard" or "not doing your homework." This is not what is described in the question. D: Due practice is not a valid answer. Due Care is what is described in the question.

Answer 453

Correct Answer: D While it is important that environmental concerns are addressed they are part of the Physical Security Domain. The Operations Security domain is concerned with the controls that are used to protect hardware, software, and media resources from the following: ✑ Threats in an operating environment ✑ Internal or external intruders ✑ Operators who are inappropriately accessing resources Incorrect Answers: A: Controls over hardware are a critical security aspect of Operations Controls. B: Controls over the data media used are a critical security aspect of Operations Controls. C: Controls over the operators using resources are a critical security aspect of Operations Controls. References: , John Wiley & Sons, New York, 2001, p. 207

Answer 454

Correct Answer: D Accountability is another facet of access control. Individuals on a system are responsible for their actions. This accountability property enables system activities to be traced to the proper individuals. Accountability is supported by audit trails that record events on the system and network. Audit trails can be used for intrusion detection and for the reconstruction of past events. Monitoring individual activities, such as keystroke monitoring, should be accomplished in accordance with the company policy and appropriate laws. Banners at the log-on time should notify the user of any monitoring that is being conducted. Incorrect Answers: A: Authentication is proof that a user is who they say they are. This is important in accountability. However, you also need to be able to monitor that users actions. This is provided by audit trails. B: Integrity ensures that data is consistent and not modified. This does not provide accountability. C: Confidentiality attempts to prevent the intentional or unintentional unauthorized disclosure of data. This does not provide accountability. References: , Wiley Publishing, Indianapolis, 2007, p. 72

Answer 455

Correct Answer: B Audit trails maintain a record of system activity by system or application processes and by user activity. In conjunction with appropriate tools and procedures, audit trails can provide individual accountability, a means to reconstruct events, detect intrusions, and identify problems. Audit trail controls are considered technical controls. Monitoring and tracking of incidents is more an operational control related to incident response capability. Therefore, asking if incidents monitored and tracked until resolved will not help in assessing controls covering audit trails. Incorrect Answers: A: An audit trail should provide a trace of user actions. Asking about this will help in assessing controls covering audit trails. C: Access to online logs should be strictly controlled. Asking about this will help in assessing controls covering audit trails. D: There should be separation of duties between security personnel who administer the access control function and those who administer the audit trail. Asking about this will help in assessing controls covering audit trails.

Answer 456

Correct Answer: A Logon banners should be used to notify an external user that session monitoring is being conducted. This provides legal protection for the company. A logon banner is text that appears on the computer screen when a user logs in to a system. By using a logon banner, the user cannot claim that he or she did not know that their session was being monitored. B: A wall poster is not the most appropriate to notify an external user that session monitoring is being conducted. The user is external so he or she would not be able to see the poster. C: An employee handbook is not the most appropriate to notify an external user that session monitoring is being conducted. The external user would not have access to the employee handbook. D: A written agreement is not the most appropriate to notify an external user that session monitoring is being conducted. The user is external so he or she would not be able to read a written agreement.

Answer 457

Correct Answer: A An Intrusion Detection System (IDS) is a system that is used to monitor network traffic or to monitor host audit logs in order to determine if any violations of an organizations security policy have taken place. An IDS can detect intrusions that have circumvented or passed through a firewall or are occurring within the local area network behind the firewall. A network-based IDS usually provides reliable, real-time information without consuming network or host resources. A network-based IDS is passive while it acquires data. Because a network-based IDS reviews packets and headers, denial of service attacks can also be detected. Furthermore, because this IDS is monitoring an attack in realtime, it can also respond to an attack in progress to limit damage. Incorrect Answers: B: A network-based IDS does not detect viruses. C: A network-based IDS does not detect data corruption. D: A network-based IDS does not detect all password guessing attacks. References: , Wiley Publishing, Indianapolis, 2007, p. 71

Answer 458

Correct Answer: A Because the HIDS uses the resources of the host, it can be very invasive. Incorrect Answers: B, C, D: Advantages of HIDS includes: ✑ Monitoring of host local events (reveals attacks not detectable by NIDS). ✑ Works well even if traffic is encrypted. ✑ When it works on OS audit trails it can reveal Trojan Horse or other attacks to SW integrity. References: http://www.federica.unina.it/ingegneria/security-and-dependability-of-computer-systems/intrusion-detection-systemarchitectures/

Answer 459

Correct Answer: D An Anomaly-Based Intrusion Detection System, is a system for detecting computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and attempts to detect any type of misuse that falls out of normal system operation. This is as opposed to signature-based systems, which can only detect attacks for which a signature has previously been created. In order to determine what is attack traffic, the system must be taught to recognize normal system activity. This can be accomplished in several ways, most often with artificial intelligence type techniques. Systems using neural networks have been used to great effect. Another method is to define what normal usage of the system comprises using a strict mathematical model, and flag any deviation from this as an attack. This is known as strict anomaly detection. Anomaly-based Intrusion Detection does have some shortcomings, namely a high false-positive rate and the ability to be fooled by a correctly delivered attack. A cause of the high false-positive rate is that normal patterns of user and system behavior can vary wildly. Different people do things in different ways. These can appear as anomalies to the IDS and generate a false positive. Incorrect Answers: A: It is not true that anomaly detection IDSs can only identify correctly attacks they already know about. This statement describes signature-based IDSs. B: It is not true that anomaly detection IDSs are application-based and are more subject to attacks. They can be hardware-based. Furthermore, hackers attack computer systems; they dont attack IDSs. C: It is not true that anomaly detection IDSs cannot identify abnormal behavior; thats exactly what they do. References: https://en.wikipedia.org/wiki/Anomaly-based_intrusion_detection_system

Answer 460

Correct Answer: D Configuration management consists of identifying, controlling, accounting for, and auditing all changes made to a particular system or equipment during its life cycle. In particular, as related to equipment used to process classified information, equipment can be identified in categories of COMSEC, TEMPEST, or as a Trusted Computer Base (TCB). The Trusted Computer System Evaluation Criteria (TCSEC) requires all changes to the TCB for classes B2 through A1 be controlled by configuration management. Although the "rainbow series" documentation mostly relates to software controls for trusted computers, configuration management is not limited to only this function. Incorrect Answers: A: Configuration Management is not just the auditing of changes to the Trusted Computing Base; it also includes controlling any changes to the TCB. B: Configuration Management is not just the control of changes to the Trusted Computing Base; it also includes the auditing of changes to the TCB. C: Configuration Management is not defined as the control of changes in the configuration access to the Trusted Computing Base. References: http://surflibrary.org/ses/TEMPBOOK/CH6CONFGMGT.pdf

Answer 461

Correct Answer: B Job rotations reduce the risk of collusion of activities between individuals. Companies with individuals working with sensitive information or systems where there might be the opportunity for personal gain through collusion can benefit by integrating job rotation with segregation of duties. Rotating the position may uncover activities that the individual is performing outside of the normal operating procedures, highlighting errors or fraudulent behavior. Rotation of duties is a method of reducing the risk associated with a subject performing a (sensitive) task by limiting the amount of time the subject is assigned to perform the task before being moved to a different task. Separation of duties is a basic control that prevents or detects errors and irregularities by assigning responsibility for different parts of critical tasks to separate individuals, thus limiting the effect a single person can have on a system. One individual should not have the capability to execute all of the steps of a particular process. This is especially important in critical business areas, where individuals may have greater access and capability to modify, delete, or add data to the system. Failure to separate duties could result in individuals embezzling money from the company without the involvement of others. Incorrect Answers: A: Key escrow is related to the protection of keys in storage by splitting the key in pieces that will be controlled by different departments. Key escrow is the process of ensuring a third party maintains a copy of a private key or key needed to decrypt information. Key escrow also should be considered mandatory for most organizations use of cryptography as encrypted information belongs to the organization and not the individual; however often an individuals key is used to encrypt the information. Key escrow will not interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes. C: The need-to-know principle specifies that a person must not only be cleared to access classified or other sensitive information, but have requirement for such information to carry out assigned job duties. Ordinary or limited user accounts are what most users are assigned. They should be restricted only to those privileges that are strictly required, following the principle of least privilege. Access should be limited to specific objects following the principle of need-to-know. The principle of need-to-know will not interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes. D: The principle of least privilege requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. Least privilege refers to granting users only the accesses that are required to perform their job functions. Some employees will require greater access than others based upon their job functions. For example, an individual performing data entry on a mainframe system may have no need for Internet access or the ability to run reports regarding the information that they are entering into the system. Conversely, a supervisor may have the need to run reports, but should not be provided the capability to change information in the database. The principle of least privilege will not interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes.

Answer 462

Correct Answer: D refers to the act of understanding the threats to and vulnerabilities of computer operations in order to routinely support operational activities that enable computer systems to function correctly. Like the other domains, the Operations Security domain is concerned with triples: threats, vulnerabilities, and assets. We will now look at what constitutes a triple in the Operations Security domain: ✑ A threat in the Operations Security domain can be defined as the presence of any potential event that could cause harm by violating security. An example of an operations threat is an operators abuse of privileges that violates confidentiality. ✑ A vulnerability is defined as a weakness in a system that enables security to be violated. An example of an operations vulnerability is a weak implementation of the separation of duties. ✑ An asset is considered anything that is a computing resource or ability, such as hardware, software, data, and personnel. ‘Risk’ is not a component of the Operations Security "triples". References: , John Wiley & Sons, New York, 2001, p. 216 , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 463

Correct Answer: B Preventative Controls. In the Operations Security domain, preventative controls are designed to achieve two things to lower the amount and impact of unintentional errors that are entering the system, and to prevent unauthorized intruders from internally or externally accessing the system. An example of these controls might be pre-numbered forms, or a data validation and review procedure to prevent duplications. Incorrect Answers: A: Detective controls are used to detect an error once it has occurred; they do not prevent unauthorized intruders from internally or externally accessing the system. C: Corrective controls are implemented to help mitigate the impact of a loss event through data recovery procedures. They do not prevent unauthorized intruders from internally or externally accessing the system. D: Directive controls are administrative instruments such as policies, procedures, guidelines, and agreements. They do not prevent unauthorized intruders from internally or externally accessing the system. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 217.

Answer 464

Correct Answer: C Transaction controls are used to provide control over the various stages of a transaction from initiation, to output, through testing and change control. Input Controls are a type of transaction control. Input controls are used to ensure that transactions are properly input into the system only once. Elements of input controls may include counting the data and timestamping it with the date it was entered or edited. Incorrect Answers: A: Processing controls are used to guarantee that transactions are valid and accurate and that wrong entries are reprocessed correctly and promptly. This is not what is described in the question. B: Output controls are used for two things for protecting the confidentiality of an output, and for verifying the integrity of an output by comparing the input transaction with the output data. Elements of proper output controls would involve ensuring the output reaches the proper users, restricting access to the printed output storage areas, printing heading and trailing banners, requiring signed receipts before releasing sensitive output, and printing "no output" banners when a report is empty. This is not what is described in the question. D: Input/Output Controls are not a defined control type. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 465

Correct Answer: A By leaving the laptop, which contains unique data, unguarded, you cannot guarantee that the data on it remain untampered. This breaks the chain of custody. When evidence is seized, it is important to make sure a proper chain of custody is maintained to ensure any data collected can later be properly and accurately represented in case it needs to be used for later events such as criminal proceedings or a successful prosecution. Incorrect Answers: B: Locking the desktop to the desktop would not protect the data on it from being changed. C: It is a good idea to make a disk image of the Laptop, but the critical step here is to ensure that the laptop is preserved. By leaving it alone the chain of custody is broken. D: Cracking the admin password is not vital for the forensic investigation. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 248

Answer 466

Correct Answer: B Due care and due diligence are comparable to the "prudent person" concept. A prudent person is seen as responsible, careful, cautious, and practical, and a company practicing due care and due diligence is seen in the same light. Incorrect Answers: A: Culpable negligence is not in reference to a multi-national company. Culpable negligence is related to lack of due care. C: Culpable negligence is not in reference to a computer resources loss. Culpable negligence is related to lack of due care. D: Culpable negligence is not due to a failure to prosecute a hacker who has caused a breach. Culpable negligence is related to lack of due care. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1234

Answer 467

Correct Answer: D Enticement is the act of luring an intruder and is legal. Incorrect Answers: A: There is no alteration here. The intruder is lured. B: There is no alteration here. The intruder is lured. C: Entrapment induces a crime, tricks a person, and is illegal. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1068

Answer 468

Correct Answer: C "Trusted paths provide trustworthy interfaces into privileged user functions and are intended to provide a way to ensure that any communications over that path cannot be intercepted or corrupted." The trusted computing base (TCB) is a collection of all the hardware, software, and firmware components within a system that provide some type of security and enforce the systems security policy. The TCB does not address only operating system components, because a computer system is not made up of only an operating system. Hardware, software components, and firmware components can affect the system in a negative or positive manner, and each has a responsibility to support and enforce the security policy of that particular system. A trusted path is a communication channel between the user, or program, and the TCB. The TCB provides protection resources to ensure this channel cannot be compromised in any way. Incorrect Answers: A: Trusted paths do not provide trustworthy integration into integrity functions; this is not the correct definition of a trusted path. B: Trusted paths do not provide trusted access to unsecure paths; this is not the correct definition of a trusted path. A trusted path provides a secure path so that a user can access the TCB without being compromised by other processes or users. D: MTBF stands for Mean Time Between Failures. This has nothing to do with trusted path. References: , 6th Edition, McGraw-Hill, 2013, pp. 359-360

Answer 469

Correct Answer: A For evidence to be admissible in court, it needs to be relevant, sufficient, and reliable. Incorrect Answers: B: Evidence does not need to be annotated to be admissible in court. C: Evidence does not need to be printed to be admissible in court. D: Evidence does not need to contain source code to be admissible in court. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1068

Answer 470

Correct Answer: D Conducting security awareness and technical training to ensure that end users and system users are aware of the rules of behavior and their responsibilities in protecting the organization's mission is an example of a preventive management control, therefore not an operational control. Incorrect Answers: A: Protecting laptops, personal computers and workstations is an example of a preventive operational control. B: Controlling software viruses is an example of a preventive operational control. C: Controlling data media access and disposal is an example of a preventive operational control.

Answer 471

Correct Answer: B Hardware and software maintenance access controls are used to monitor the installation of, and updates to, hardware and software to ensure that the system functions as expected and that a historical record of changes is maintained. Integrity verification programs are more integrity controls than software maintenance controls. Incorrect Answers: A: Restricting and controlling access to all program libraries is part of controlling hardware and software maintenance. Asking about this will help in assessing controls over hardware and software maintenance. C: Version control is part of controlling hardware and software maintenance. Asking about this will help in assessing controls over hardware and software maintenance. D: Testing, documenting and approval of system components is part of controlling hardware and software maintenance. Asking about this will help in assessing controls over hardware and software maintenance.

Answer 472

Correct Answer: D The Five Rules for Evidence are Admissible, Authentic, Complete, Accurate, and Convincing. Incorrect Answers: A: Encrypted is not included in the Five Rules for Evidence. B: Hashed is not included in the Five Rules for Evidence. C: Auditable is not included in the Five Rules for Evidence. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1053

Answer 473

Correct Answer: D The network logs contain information which can give clues on computer incidents that have occurred. This information must be collected, saved for future use (retained), reviewed, and analyzed. These activities related to handling incidents are the responsibility of the Computer Incident Response Team. Incorrect Answers: A: Data in the network logs, not the netware logs, contain information related to network incidents. B: Data must be kept and reviewed. C: Data must be collected and kept. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1034

Answer 474

Correct Answer: C Management is responsible for initiating corrective measures and capabilities used when there are security violations. Incorrect Answers: A: The Information systems auditor ensures that the correct controls are in place and are being maintained securely. The information systems auditor is not responsible for initiating corrective measures and capabilities used when there are security violations. B: The security administrator is responsible for implementing and maintaining specific security network devices and software in the enterprise. These controls commonly include firewalls, IDS, IPS, antimalware, security proxies, data loss prevention, etc. The security administrator is not responsible for initiating corrective measures and capabilities used when there are security violations. D: The data owner decides upon the classification of the data she is responsible for. The data owner is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria. The data owner is not responsible for initiating corrective measures and capabilities used when there are security violations. References: https://quizlet.com/31878633/cissp-domain-1-information-security-governance-and-risk-management-flash-cards/ , 6th Edition, McGraw-Hill, New York, 2013, pp. 121-125

Answer 475

Correct Answer: C A chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to be presented in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy. Incorrect Answers: A: The legal aspect is not the most important factor to chain of custody. A history of how the evidence was handled is more important. B: When evidence is collected contact and advice from law enforcement officials. A history of how the evidence was handled is more important. D: Specifics of how to handle log files are not the most critical factor to establish a chain of custody. . A history of how the evidence was handled is more important. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1050

Answer 476

Correct Answer: D The analysis stage of the incident response procedure deals with the gathering of additional data to try and figure out the root cause of the incident. Tracking can take place in parallel with the analysis and examination, and deals with determining whether the source of the incident was internal or external and how the offender infiltrated and gained access to the asset. Incorrect Answers: A: The recovery stage of the incident response procedure deals with the implementation of the required solution to make sure that this type of incident cannot recur. B: The containment stage of the incident response procedure deals with isolating the incident based on the category of the attack, the assets affected by the incident, and the criticality of those assets. C: The triage stage of the incident response procedure deals with determining whether the reported event is an incident and whether the incident-handling process should be started. References: , 6th Edition, McGraw-Hill, 2013, pp. 1037-1040

Answer 477

Correct Answer: B Corrective controls are used to restore systems after an incident has occurred. The different functionalities of security controls are preventive, detective, corrective, deterrent, recovery, and compensating. The six different control functionalities are as follows: ✑ Deterrent: Intended to discourage a potential attacker ✑ Preventive: Intended to avoid an incident from occurring ✑ Corrective: Fixes components or systems after an incident has occurred ✑ Recovery: Intended to bring the environment back to regular operations ✑ Detective: Helps identify an incidents activities and potentially an intruder ✑ Compensating: Controls that provide an alternative measure of control Incorrect Answers: A: Compensating controls provide an alternative measure of control. They are not used to restore systems after an incident. C: Detective controls are used to discover harmful occurrences. They are not used to restore systems after an incident. D: Preventive controls are used to avoid an incident from occurring. They are not used to restore systems after an incident. References: , 6th Edition, McGraw-Hill, 2013, p. 30

Answer 478

Correct Answer: D You should make post mortem review meeting after taking care of the intrusion, and no more than one week after the intrusion has been taken care of. Incorrect Answers: A: It is not a good practice to wait more than one week for the post-mortem review meeting. Three months is too much time. B: It is not a good practice to wait more than one week for the post-mortem review meeting To wait for until after a prosecution would take too much time. C: It is not a good practice to wait more than one week for the post-mortem review meeting. One month is too much time. References: , 2nd Edition, Syngress, Waltham, 2012, p. 332

Answer 479

Correct Answer: C Computer-based evidence is typically considered hearsay evidence. Hearsay is second-hand evidence, as opposed to direct evidence. Second-hand evidence is treated as less reliable. Incorrect Answers: A: Tangible information does not cause problem within an investigation. B: Easily collected information would cause a problem. D: During a computer investigation an expert or specialist could very well be required. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 389

Answer 480

Correct Answer: A Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. For example, if a user sends a message and then later claims he did not send it, this is an act of repudiation. When a cryptography mechanism provides nonrepudiation, the sender cannot later deny he sent the message (well, he can try to deny it, but the cryptosystem proves otherwise). Its a way of keeping the sender honest. Nonrepudiation is a preventive control it prevents someone having the ability to deny something. Incorrect Answers: B: Logical controls (also called technical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. Nonrepudiation is not a logical control. C: Corrective controls are used to restore systems after an attack or other harmful occurrence. Nonrepudiation is not a corrective control. D: Compensating controls are used to provide an alternative measure of control. Nonrepudiation is not a compensating control. References: http://searchsecurity.techtarget.com/definition/nonrepudiation , 6th Edition, McGraw-Hill, 2013, p. 770

Answer 481

Correct Answer: C Preventive controls are put in place to inhibit harmful occurrences. Access control is an example of a preventive control. Passwords are used in access control; therefore, password control is a preventive control. Preventive controls can be administrative, physical or technical. Preventive Technical controls include: ✑ Passwords, biometrics, smart cards ✑ Encryption, secure protocols, call-back systems, database views, constrained user interfaces ✑ Antimalware software, access control lists, firewalls, intrusion prevention system Incorrect Answers: A: Compensating controls are controls that provide an alternative measure of control. Password management does not fall into the Compensating control category. B: Detective controls are established to discover harmful occurrences. Password management does not fall into the Detective control category. D: Technical is a control type, not a control category. Password management is a technical control but it falls into the Preventive control category. References: , 6th Edition, McGraw-Hill, 2013, p. 31

Answer 482

Correct Answer: D A honeypot system is a computer that usually sits in the screened subnet, or DMZ, and attempts to lure attackers to it instead of to actual production computers. To make a honeypot system lure attackers, administrators may enable services and ports that are popular to exploit. Some honeypot systems have services emulated, meaning the actual service is not running but software that acts like those services is available. Honeypot systems can get an attackers attention by advertising themselves as easy targets to compromise. They are configured to look like regular company systems so that attackers will be drawn to them like bears are to honey. Honeypots can work as early detection mechanisms, meaning that the network staff can be alerted that an intruder is attacking a honeypot system, and they can quickly go into action to make sure no production systems are vulnerable to that specific attack type. Organizations use these systems to identify, quantify, and qualify specific traffic types to help determine their danger levels. The systems can gather network traffic statistics and return them to a centralized location for better analysis. So as the systems are being attacked, they gather intelligence information that can help the network staff better understand what is taking place within their environment. Incorrect Answers: A: A honeypot does act as a decoy system in that it can lure hackers into attacking the honeypot system instead of live production servers. However, this is not the primary goal of a honeypot. The primary goal is to learn about attack techniques so the network can be fortified. B: Entrapping and tracking down attackers is not the goal of a honeypot. Learning about possible attack techniques is more valuable to a company. C: It is not the goal of a honeypot to set up a sacrificial lamb on the network. References: , 6th Edition, McGraw-Hill, 2013, p. 655

Answer 483

Correct Answer: B Output controls are used for two things for protecting the confidentiality of an output, and for verifying the integrity of an output by comparing the input transaction with the output data. Elements of proper output controls would involve ensuring the output reaches the proper users, restricting access to the printed output storage areas, printing heading and trailing banners, requiring signed receipts before releasing sensitive output, and printing "no output" banners when a report is empty Incorrect Answers: A: Deterrent controls are used to encourage compliance with external controls, such as regulatory compliance. These controls are meant to complement other controls, such as preventative and detective controls. This is not what is described in the question. C: Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are not examples of information flow controls. D: Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are not examples of asset controls. References: , John Wiley & Sons, New York, 2001, p. 218

Answer 484

Correct Answer: A The RAID Advisory Board has defined three classifications of RAID: Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems. As of this writing only the first one, FRDS, is an existing standard, and the others are still pending. We will now discuss the various implementation levels of an FRDS. Failure Resistant Disk System: The basic function of an FRDS is to protect file servers from data loss and a loss of availability due to disk failure. It provides the ability to reconstruct the contents of a failed disk onto a replacement disk and provides the added protection against data loss due to the failure of many hardware parts of the server. One feature of an FRDS is that it enables the continuous monitoring of these parts and the alerting of their failure. Failure Resistant Disk System Plus: An update to the FRDS standard is called FRDS+. This update adds the ability to automatically hot swap (swapping while the server is still running) failed disks. It also adds protection against environmental hazards (such as temperature, out-of-range conditions, and external power failure) and includes a series of alarms and warnings of these failures. Incorrect Answers: B: Foreign Resistant Disk Systems is not one of the three classifications of RAID identified by the RAID Advisory Board. C: File Transfer Disk Systems is not one of the three classifications of RAID identified by the RAID Advisory Board. D: Federal Resistant Disk Systems is not one of the three classifications of RAID identified by the RAID Advisory Board. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 485

Correct Answer: A RAID Level 1 is commonly called mirroring. It mirrors the data from one disk or set of disks by duplicating the data onto another disk or set of disks. This is often implemented by a one-for-one disk to disk ratio: Each drive is mirrored to an equal drive partner that is continually being updated with current data. If one drive fails, the system automatically gets the data from the other drive. The main issue with this level of RAID is that the one-for-one ratio is very expensive resulting in the highest cost per megabyte of data capacity. This level effectively doubles the amount of hard drives you need, therefore it is usually best for smaller capacity systems. Incorrect Answers: B: RAID level 1 is not difficult to recover. If one drive fails, the system automatically gets the data from the other drive. C: RAID level 1 does not cause poor performance. The performance is quite good because no parity data needs to be calculated. D: RAID level 1 is not relatively unreliable; duplicating data onto another disk is a reliable system. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 486

Correct Answer: A RAID Level 2 consists of bit-interleaved data on multiple disks. The parity information is created using a hamming code that detects errors and establishes which part of which drive is in error. It defines a disk drive system with 39 disks: 32 disks of user storage 66 and seven disks of error recovery coding. This level is not used in practice and was quickly superseded by the more flexible levels of RAID such as RAID 3 and RAID 5. Incorrect Answers: B: Clustering code is not used to create parity information. C: A mirroring code is not used to create parity information. Mirroring is used to describe the method used in RAID level 1. D: A striping code is not used to create parity information. Striping is the method used to write data across multiple disks in RAID systems. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 487

Correct Answer: A RAID Levels 3 and 4 function in a similar way. The only difference is that level 3 is implemented at the byte level and level 4 is usually implemented at the block level. In this scenario, data is striped across several drives and the parity check bit is written to a dedicated parity drive. This is similar to RAID 0. They both have a large data volume, but the addition of a dedicated parity drive provides redundancy. If a hard disk fails, the data can be reconstructed by using the bit information on the parity drive. The main issue with this level of RAID is that the constant writes to the parity drive can create a performance hit. In this implementation, spare drives can be used to replace crashed drives. Incorrect Answers: B: RAID level 4 is not implemented at bridge level. C: RAID level 4 is not implemented at channel level. D: RAID level 4 is not implemented at buffer level. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 488

Correct Answer: A RAID Level 5 stripes the data and the parity information at the block level across all the drives in the set. It is similar to RAID 3 and 4 except that the parity information is written to the next available drive rather than to a dedicated drive by using an interleave parity. This enables more flexibility in the implementation and increases fault tolerance as the parity drive is not a single point of failure, as it is in RAID 3 or 4. The disk reads and writes are also performed concurrently, thereby increasing performance over levels 3 and 4. The spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server while the system is up and running. This is probably the most popular implementation of RAID today. Incorrect Answers: B: Hot swappable means that the disk drives can be replaced on the server while the server is system is up and running. The server does not need to be quiesced. C: Hot swappable means that the disk drives can be replaced on the server while the server is system is up and running. The server does not need to be idle. D: Hot swappable means that the disk drives can be replaced on the server while the server is system is up and running. The server does not need to be in single- user-mode. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 489

Correct Answer: A RAID 10, also known as RAID 1+0, combines disk mirroring and disk striping to protect data. A RAID 10 configuration requires a minimum of four disks, and stripes data across mirrored pairs. As long as one disk in each mirrored pair is functional, data can be retrieved. If two disks in the same mirrored pair fail, all data will be lost because there is no parity in the striped sets. RAID 10 provides redundancy and performance, and is the best option for I/O-intensive applications. One disadvantage is that only 50% of the total raw capacity of the drives is usable due to mirroring. Incorrect Answers: B: Level 0 (striping) is combined with level 1 (mirroring), not level 2 (hamming). C: Level 1 is mirroring, not clustering. D: Level 1 is mirroring, not hamming. References: http://searchstorage.techtarget.com/definition/RAID-10-redundant-array-of-independent-disks

Answer 490

Correct Answer: A RAID can be implemented in either hardware or software. Each type has its own issues and benefits. A hardware RAID implementation is usually platform- independent. It runs below the operating system (OS) of the server and usually does not care if the OS is Novell, NT, or Unix. The hardware implementation uses its own Central Processing Unit (CPU) for calculations on an intelligent controller card. There can be more than one of these cards installed to provide hardware redundancy in the server. RAID levels 3 and 5 run faster on hardware. A software implementation of RAID means it runs as part of the operating system on the file server. Incorrect Answers: B: A hardware RAID implementation is not platform-dependent. C: A hardware RAID implementation is not operating system dependent. D: A hardware RAID implementation is not software dependent. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 491

Correct Answer: A RAID can be implemented in either hardware or software. Each type has its own issues and benefits. A hardware RAID implementation is usually platform- independent. It runs below the operating system (OS) of the server and usually does not care if the OS is Novell, NT, or Unix. The hardware implementation uses its own Central Processing Unit (CPU) for calculations on an intelligent controller card. There can be more than one of these cards installed to provide hardware redundancy in the server. RAID levels 3 and 5 run faster on hardware. A software implementation of RAID means it runs as part of the operating system on the file server. Incorrect Answers: B: RAID levels 3 and 5 run faster, not slower on hardware. C: RAID levels 3 and 5 run faster on hardware, not software. D: RAID levels 3 and 5 run faster hardware than they do on software. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 492

Correct Answer: A RAID can be implemented in either hardware or software. Each type has its own issues and benefits. A software implementation of RAID means it runs as part of the operating system on the file server. Often RAID levels 0, 1, and 10 run faster on software RAID because of the need for the servers software resources. Simple striping or mirroring can run faster in the operating system because neither use the hardware- level parity drives. Incorrect Answers: B: RAID running as part of the operating system on the file server is an example of a software implementation, not a hardware implementation. C: RAID running as part of the operating system on the file server is an example of a software implementation, not a network implementation. D: RAID running as part of the operating system on the file server is an example of a software implementation, not a server implementation. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 493

Correct Answer: A The Differential Backup Method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup. Archive bits let the backup software know what needs to be backed up. The differential and incremental backup types rely on the archive bit to direct them. Incorrect Answers: B: Full backups back up all files. Full backups are not additive. C: Incremental backups are not additive because they reset the archive bit so the file is not backed up again next day (unless the file was changed again). D: The tape backup method is not a method that determines whether the archive bit is reset or not; it just specifies that the files are backed up to tape. References: , John Wiley & Sons, New York, 2001, p. 69 http://www.brighthub.com/computing/windows-platform/articles/24531.aspx

Answer 494

Correct Answer: D Digital Audio Tape (DAT) can be used to backup data systems in addition to its original intended audio uses. Incorrect Answers: A: Digital Video Tape (DVT) is not used to backup data systems. B: Digital Analog Tape (DAT) is not a defined type of tape; DAT stands for Digital Audio Tape. C: Digital Voice Tape (DVT) is not a defined type of tape; DVT stands for Digital Video Tape. References: , John Wiley & Sons, New York, 2001, p. 70

Answer 495

Correct Answer: A Hierarchical Storage Management (HSM) provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs. It appears as an infinite disk to the system, and can be configured to provide the closest version of an available real-time backup. This is commonly employed in very large data retrieval systems. Incorrect Answers: B: Hierarchical Resource Management (HRM) is not a defined backup media technology. C: Hierarchical Access Management (HAM) is not a defined backup media technology. D: Hierarchical Instance Management (HIM) is not a defined backup media technology. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 496

Correct Answer: A Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the Operations Security Domain. Operations Security can be described as the controls over the hardware in a computing facility, the data media used in a facility, and the operators using these resources in a facility. Operations Security refers to the act of understanding the threats to and vulnerabilities of computer operations in order to routinely support operational activities that enable computer systems to function correctly. It also refers to the implementation of security controls for normal transaction processing, system administration tasks, and critical external support operations. These controls can include resolving software or hardware problems along with the proper maintenance of auditing and monitoring processes. Incorrect Answers: B: Physically securing backup tapes from unauthorized access is not considered a function of the Operations Security Domain Analysis. C: Physically securing backup tapes from unauthorized access is not considered a function of the Telecommunications and Network Security Domain. D: Physically securing backup tapes from unauthorized access is not considered a function of the Business Continuity Planning and Disaster Recovery Planning. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. , John Wiley & Sons, New York, 2001, p. 301

Answer 497

Correct Answer: B The questions states that the requirements are low cost technologies, high performance and no high availability capacities. RAID Level 0 creates one large disk by using several disks. This process is called striping. It stripes data across all disks (but provides no redundancy) by using all of the available drive space to create the maximum usable data volume size and to increase the read/write performance. Incorrect Answers: A: Single hard disk does meet the low cost requirement and no high availability but it does not provide high performance. C: RAID 1 (mirroring) does not provide high performance; it does provide high cost and high availability. This does not meet the requirements. D: RAID 10 does provide high performance but it is an expensive solution with high availability capacities. This does not meet the requirements. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 498

Correct Answer: C It is critical that a determination be made of WHAT data is important and should be retained and protected. Without determining the data to be backed up, the potential for error increases. A record or file could be vital and yet not included in a backup routine. Alternatively, temporary or insignificant files could be included in a backup routine unnecessarily. Incorrect Answers: A: Although it is important to consider schedules for backups, this is done after it has been determined what data should be included in the backup routine. B: The location of the backup copies of data should be decided after determining what data should be included in the backup routine. C: How to store backups is a question that needs to be answered. However, what to backup is the first question to be answered.

Answer 499

Correct Answer: D The different functionalities of security controls are preventive, detective, corrective, deterrent, recovery, and compensating. The six different control functionalities are as follows: ✑ Deterrent Intended to discourage a potential attacker ✑ Preventive Intended to avoid an incident from occurring ✑ Corrective Fixes components or systems after an incident has occurred ✑ Recovery Intended to bring the environment back to regular operations ✑ Detective Helps identify an incidents activities and potentially an intruder ✑ Compensating Controls that provide an alternative measure of control Incorrect Answers: A: The Deterrent security control is intended to discourage a potential attacker. This is not what is described in the question. B: The Preventative security control is intended to avoid an incident from occurring. This is not what is described in the question. C: The Corrective security control fixes components or systems after an incident has occurred. This is not what is described in the question. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 30

Answer 500

Correct Answer: B When an incident strikes, more is required than simply knowing how to restore data from backups. Also necessary are the detailed procedures that outline the activities to keep the critical systems available and ensure that operations and processing are not interrupted. Contingency management defines what should take place during and after an incident. Actions that are required to take place for emergency response, continuity of operations, and dealing with major outages must be documented and readily available to the operations staff. Development of test procedures is not part of contingency planning. This has nothing to do with recovering from an incident. Incorrect Answers: A: Prioritization of applications is used to determine which applications are most important to the company and should be recovered first. This should be part of your contingency planning. C: Assessment of threat impact on the organization should be part of the contingency plan to determine what affect an incident would have. This should be part of your contingency planning. D: Development of recovery scenarios are the most obvious part of a contingency plan. You need to plan how to recover from an incident. This should be part of your contingency planning. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1276

Answer 501

Correct Answer: A RAID level 0 offers no fault tolerance, just performance improvements. Incorrect Answers: B: RAID level 0 provides no increase in hard disk usage compared to non-raid disks. C: RAID level 0 offers no fault tolerance. D: RAID does provide integrity. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 142

Answer 502

Correct Answer: A When data are written across all drives, the technique of striping is used. This activity divides and writes the data over several drives. Incorrect Answers: B: Scanning is not a concept used in relation to RAID. C: Screening is not a concept used in relation to RAID. D: Shadowing is not a concept used in relation to RAID. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1268

Answer 503

Correct Answer: A Clusters may also be referred to as server farms. If one of the systems within the cluster fails, processing continues because the rest pick up the load, although degradation in performance could occur. Incorrect Answers: B: A cluster contains servers, not clients. C: A cluster and a cluster farm is not the same thing. A cluster is server farm. D: A cluster and a host farm is not the same thing. A cluster is server farm. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1272

Answer 504

Correct Answer: A In a full backup all data are backed up and saved to some type of storage media. From this baseline differential and incremental backups can later be made. Incorrect Answers: B: An incremental process backs up all the files that have changed since the last full or incremental backup. C: A differential backup backs up the files that have been modified since the last full backup. When the data need to be restored, the full backup is laid down first, and then the most recent differential backup is put down on top of it. D: A tape backup is any type of backup which backs up data to the tape medium. It can be a full backup, an incremental backup, or a differential backup. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 936

Answer 505

Correct Answer: A An incremental process backs up only the files that have changed since the last full or incremental backup. Compared to a differential or a full back, an incremental backup copies less files. Incorrect Answers: B: A differential backup backs up the files that have been modified since the last full backup. More files are copies compared to an incremental backup. C: In a full backup all data are backed up and saved to some type of storage media. D: A tape backup is any type of backup which backs up data to the tape medium. It can be a full backup, an incremental backup, or a differential backup. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 936

Answer 506

Correct Answer: D Reciprocal agreements are Enforceable. This means that although company A said company B could use its facility when needed, when the need arises, company A legally does not have to fulfill this promise. Incorrect Answers: A: A hot site contract is enforceable, while a reciprocal agreement could be hard to enforce. B: A warm site contract is enforceable, while a reciprocal agreement could be hard to enforce. C: A cold site contract is enforceable, while a reciprocal agreement could be hard to enforce. References: , 6th Edition, McGraw-Hill, 2013, p. 924

Answer 507

Correct Answer: A When a file is modified or created, the file system sets the archive bit to 1. A differential backup process backs up the files that have been modified since the last full backup, but does not change the archive bit value. Incorrect Answers: B: A differential backup process does not change the archive bit value. C: Because a differential backup process backs up the files that have been modified since the last full backup, the archive bit at the start of the process would be set to 1. D: Because a differential backup process backs up the files that have been modified since the last full backup, the archive bit at the start of the process would be set to 1. References: , 6th Edition, McGraw-Hill, 2013, pp. 935-936

Answer 508

Correct Answer: C Data points obtained as part of the BIA information gathering process will be used later during analysis. It is important that the team members ask about how different taskswhether processes, transactions, or services, along with any relevant dependenciesget accomplished within the organization. Incorrect Answers: A: To determine the dependencies, not the composition, between the business processes is an import step of the BIA process. B: To determine the dependencies, not the priorities, between the business processes is an import step of the BIA process. D: To determine the service levels, not the priorities, between the business processes is an import step of the BIA process. References: , 6th Edition, McGraw-Hill, 2013, p. 905

Answer 509

Correct Answer: A If you can't restore lost files from your backup system then your backup plan is useless. You could have the best backup system and plan available but if you are unable to restore files then the system cannot assure data availability. Develop an effective disaster recovery plan and include in that plan a good backup strategy that meets the needs of your organization. Be sure to include periodic recovery practice operations to prove the effectiveness of the system. Incorrect Answers: B: This question is asking for the BEST answer for the most important part of a data backup plan. An effective backup plan is what you want; however the MOST IMPORTANT part of the backup plan is the ability to restore the data. C: A reliable network infrastructure makes it easier to backup and restore your data. However, network reliability is not the MOST IMPORTANT part of a backup plan. The ability to restore the data is more important. D: Expensive backup hardware is not the BEST answer. If your expensive backup hardware cannot restore your data, it is no good to you.

Answer 510

Correct Answer: C One of the ways to provide uninterrupted access to information assets is through redundancy and fault tolerance. Redundancy refers to providing multiple instances of either a physical or logical component such that a second component is available if the first fails. Fault tolerance is a broader concept that includes redundancy but refers to any process that allows a system to continue making information assets available in the case of a failure. Fault tolerance countermeasures are designed to combat threats to design reliability. Although fault tolerance can include redundancy, it also refers to systems such as RAID where if a disk fails, the data can be made available from the remaining disks. Incorrect Answers: A: Fault tolerance countermeasures ensure that data assets remain available in the event of a failure of any component, not just an uninterruptible power supply. B: Fault tolerance countermeasures ensure that data assets remain available in the event of a failure of any component, not just the backup and retention capability. D: Fault tolerance countermeasures do not protect data integrity.

Answer 511

Correct Answer: A The incremental backup method backs up all the files that have changed since the last full or incremental backup and resets the archive bit to 0. This is known as "clearing the archive bit". A full backup backs up all files regardless of whether the archive bit is 1 or 0 and sets the archive bit to 0. The archive bit is used by the backup process to determine whether a file has been changed. When you modify a file or create a new file, the archive bit is set to 1. This tells the backups process that the file has changed (or is a new file) and needs to be backed up. When an incremental backup backs up the file, it sets the archive bit to 0. When the next incremental backup runs and sees that the archive bit is 0, the incremental backup knows that the file has not changed since the last backup and so will not back up the file again. Incorrect Answers: B: This answer describes the differential backup process. The differential backup does not change the archive bit value; an incremental backup does change the archive bit value to 0. C: This answer describes the full backup process. An incremental backup does not back up ALL files; it only backs up changed files. D: An incremental backup does not back up ALL files; it only backs up changed files. Furthermore, it changes the archive bit value to 0, not 1. References: , 6th Edition, McGraw-Hill, 2013, pp. 801-802

Answer 512

Correct Answer: A Archive bit 1 = On (the archive bit is set). Archive bit 0 = Off (the archive bit is NOT set). A full backup backs up all files regardless of whether the archive bit is 1 or 0 and sets the archive bit to 0. When the archive bit is set to ON, it indicates a file that has changed and needs to be backed up. Differential backups back up all files that have changed since the last full backup - all files that have their archive bit value set to 1. Differential backups do not change the archive bit value when they backup a file; they leave the archive bit value set to 1. Incorrect Answers: B: Backs up data labeled with archive bit 1 and changes the data label to archive bit 0. - This is the behavior of an incremental backup, not a differential backup. C: Backs up data labeled with archive bit 0 and leaves the data labeled as archive bit 0. - If the archive bit is set to 0 (Off), it will only be backed up with a Full backup. Differential and incremental backups will not back up the file. D: Backs up data labeled with archive bit 0 and changes the data label to archive bit 1. - If the archive bit is set to 0 (Off), it will only be backed up with a Full backup. Differential and incremental backups will not back up the file. References: https://en.wikipedia.org/wiki/Archive_bit

Answer 513

Correct Answer: D A Full Interruption Test is the most intrusive to regular operations and business productivity. The original site is actually shut down, and processing takes place at the alternate site. A parallel test is one in which some systems are actually run at the alternate site. Incorrect Answers: A: Restoration of files is not the most important when conducting a Full Interruption. The most important is to set up a secondary site and conduct a parallel test on that site. B: To document expected findings is not the most important when conducting a Full Interruption. The most important is to set up a secondary site and conduct a parallel test on that site. C: To arrange physical security for the test site is not the most important when conducting a Full Interruption. The most important is to conduct a parallel test on the test site. References: , 6th Edition, McGraw-Hill, 2013, p. 956

Answer 514

Correct Answer: B A discretionary expense is a cost which is Essential for the operation of a business. The disaster recovery is concerned with business functions and costs that are essential for the business, and does Address discretionary expense. Incorrect Answers: A: A committed expense is an unavoidable expensive. Disaster recovery must take unavoidable expenses into account. C: The disaster recovery procedures must be in compliance with the law. D: The disaster recovery procedures must be in compliance with regulations References: http://www.investopedia.com/terms/d/discretionary-expense.asp

Answer 515

Correct Answer: B Over the past several years, there has been an increasing awareness dealing with anthrax and airborne attacks. Harmful agents introduced into the HVAC system can rapidly spread throughout the structure and infect all persons exposed to the circulated air. The following is a list of guidelines necessary to enhance security in this critical aspect of facility operations: ✑ Restrict access to main air intake points to persons who have a work-related reason to be there. ✑ Escort all contractors with access to the system while on site. ✑ Ensure that all air intake points are adequately secured with locking devices. Maintaining access rosters of maintenance personnel who are not authorized to work on the system is a recommended guideline; however, it is not a necessary guideline to ensure safety. Incorrect Answers: A: Restricting access to main air intake points to persons who have a work-related reason to be there is a necessary guideline to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations. Therefore, this answer is incorrect. C: Escorting all contractors with access to the system while on site is a necessary guideline to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations. Therefore, this answer is incorrect. D: Ensuring that all air intake points are adequately secured with locking devices is a necessary guideline to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations. Therefore, this answer is incorrect.

Answer 516

Correct Answer: B Acceptability in terms of biometric systems refers to considerations of privacy, invasiveness, and psychological and physical comfort when using the system. For example, a concern with retina scanning systems may be the exchange of body fluids on the eyepiece or the feeling that a retinal scan could be harmful to the eye. Another concern would be the retinal pattern that could reveal changes in a persons health, such as diabetes or high blood pressure. Incorrect Answers: A: Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are not elements of accountability of biometrics systems. C: Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are not elements of availability of biometrics systems. D: Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are not elements of adaptability of biometrics systems. References: , Wiley Publishing, Indianapolis, 2007, p. 60

Answer 517

Correct Answer: B which are management, technical, and operational. You need to be familiar with both ways of categorizing control types. According to the NIST control categories, Personnel Security is an Operational control. Incorrect Answers: A: Personnel security is not a management control. C: Personnel security is not a technical control. D: Human resources controls are not a defined control category although there are human resource controls listed in the administrative control category. References: , 6th Edition, McGraw-Hill, 2013, p. 58

Answer 518

Correct Answer: A On-site mirroring is a transaction redundancy solution. Incorrect Answers: B: Electronic vaulting is one type of transaction redundancy solution. Electronic vaulting makes copies of files as they are modified and periodically transmits them to an offsite backup site. C: Remote journaling is one type of transaction redundancy solution. Remote journaling is a method of transmitting data offsite. It usually only includes moving the journal or transaction logs to the offsite facility, not the actual files. These logs contain the deltas (changes) that have taken place to the individual files. If and when data are corrupted and need to be restored, the bank can retrieve these logs, which are used to rebuild the lost data. D: Database Shadowing is one type of transaction redundancy solution. It is a mirroring technology used in databases, in which information is written to at least two hard drives for the purpose of redundancy. References: , 6th Edition, McGraw-Hill, 2013, pp. 938-939

Answer 519

Correct Answer: A Database Shadowing is one type of transaction redundancy solution whereby a full copy of the user's database is maintained at an alternate information processing facility. Incorrect Answers: B: Data mirroring does not necessarily use a remote location. Data mirroring mirrors data to another server, or to another hard drive on the same server, on the local network. C: A backup solution would not handle database records. It handles data at the file level. D: An archiving solution would not handle database records. It handles data at the file level. References: http://www.bcmpedia.org/wiki/Database_Shadowing

Answer 520

Correct Answer: C An internal hot site is standby ready with all the technology and equipment necessary to run the applications to be recovered there. Incorrect Answers: A: An external hot site has equipment on the floor waiting for recovery, but the environment must be rebuilt for the recovery. An external hot site is not standby ready. B: A warm site is not standby ready. A warm site is a leased or rented facility that is usually partially configured with some equipment, such as HVAC, and foundational infrastructure components, but not the actual computers. In other words, a warm site is usually a hot site without the expensive equipment such as communication equipment and servers. D: A dual data center is employed for application that canAccept any downtime without unacceptably impacting the business. A dual data center would be more than standby ready, but it would be more expensive.

Answer 521

Correct Answer: C The salvage team must ensure the reliability of primary site. This is done by returning the least-mission-critical processes to the restored original site to stress test the rebuilt network. As the restored site shows resiliency, more important processes are transferred. Incorrect Answers: A: The most critical operations should be to the primary site after, Before, the other less critical operations have been moved. B: As many operations that the salvage team handles are the same as the operations carried out by the disaster recovery team, there can be very well be an overlap between the team members. A person can be a member of both teams. D: The order in which the operations are restored should Be exactly the same order in which the operations where moved to the alternative site. You should transfer the least critical operations first. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 669

Answer 522

Correct Answer: A Cheyenne Software (now owned by Computer Associates) was the first to offer RAID 5 for tape devices. Because by nature tape devices employ a sequential access method, RAID 5 is an ideal solution for a tape array. Incorrect Answers: B: A scale array is A RAID backup system. C: A crimson array is A RAID backup system. D: A table array is A RAID backup system.

Answer 523

Correct Answer: C Once you develop a list of threats, you must individually evaluate each threat and its related risk. There are two risk assessment methodologies: quantitative and qualitative. Quantitative risk analysis assigns real dollar figures to the loss of an asset. Incorrect Answers: A: Accuracy is not measured. It is the list of threats that are quantitative measured. B: Elapsed time for completion of critical tasks is Critical. It is critical to evaluate the risks. D: the observed test results are Evaluated. The business function either passes or fails the test. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 243

Answer 524

Correct Answer: D The evidence lifecycle does not include destruction. The evidence need to be preserved. Incorrect Answers: A: The evidence lifecycle include collection and identification of evidence. B: Analysis of evidence is included in the evidence lifecycle. C: The evidence lifecycle include storage, preservation, and transportation of evidence. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1054

Answer 525

Correct Answer: A A server cluster is a group of servers that are viewed logically as one server to users and can be managed as a single logical system through a single IP address. Incorrect Answers: B: Redundant servers are not grouped together and can be managed through a single IP address. C: In general, a group of multiple servers can be grouped together and managed through a single IP address. D: Server fault tolerance is not related to managing a group of servers through a single IP address. References: , 6th Edition, McGraw-Hill, 2013, p. 1272

Answer 526

Correct Answer: C All data should be archived. A full backup copies all the data from the system to the backup medium. After the full backup has finished, the backup media is physically transported to another off-site location. Incorrect Answers: A: Archiving should copy all the data, but an incremental backup copies only the files that have been modified since the previous backup. B: There is no special off-site backup method. Instead use a standard full backup and transport the backup media to the other site. D: Archiving should copy all the data, but a differential backup copies only the difference in the data since the last full backup. References: , 6th Edition, McGraw-Hill, 2013, p. 1410

Answer 527

Correct Answer: A RAID-0 is faster than RAID-5 since RAID-0 is striping without parity, while RAID-5 uses parity which makes it slower. Incorrect Answers: B: RAID-3 uses byte-level parity. The Data striping over all drives and parity data held on one drive. If a drive fails, it can be reconstructed from the parity drive. C: With RAID-0 the data striped over several drives. No redundancy or parity is involved. If one volume fails, the entire volume can be unusable. It is used for performance only. D: RAID-4 uses block-level parity. The Data striping over all drives and parity data held on one drive. If a drive fails, it can be reconstructed from the parity drive. References: , 6th Edition, McGraw-Hill, 2013, p. 1270

Answer 528

Correct Answer: D Contingency plans are developed as a result of a risk being identified. Contingency plans are pre-defined actions plans that can be implemented if identified risks actually occur. One type of identified risk is a residual risk. Residual risks are those risks that are expected to remain after implementing the planned risk response, as well as those that have been deliberately accepted. A contingency plan should address the risks found during risk assessment. Risk assessment includes both the identification of potential risk and the evaluation of the potential impact of the risk. Incorrect Answers: A: Contingency plans should not just address potential risks. It should address identified risks and residual risks as well. B: Contingency plans should not just address residual risks. It should address identified risks and potential risks as well. C: Contingency plans should not just address identified risks. It should address potential risks and residual risks as well.

Answer 529

Correct Answer: A A business continuity plan (BCP) contains strategy documents that provide detailed procedures that ensure critical business functions are maintained. Incorrect Answers: B: A recovery plan is focused on what actions to take after the disruption, while a Business continuity plan also includes procedures to keep critical business functions working during a disruption. C: The plan that keeps the business functions operating during a disruption is not named continuity of operations plan; it is called a Business continuity plan. D: A Disaster recovery plan is a plan developed to help a company recover from a disaster. It does not include operations to sustain business functions during a disruption. References: , 6th Edition, McGraw-Hill, 2013, p. 961

Answer 530

Correct Answer: A A risk assessment is a critical part of the disaster recovery planning process. In disaster recovery planning, once you've completed a business impact analysis (BIA), the next step is to perform a risk assessment. Once risks and vulnerabilities have been identified, i.e. after the risk assessment has been completed, four types of defensive responses can be considered: Protective measures - Mitigation measures - Recovery activities - Contingency plans - Incorrect Answers: B: Contingency plans depend on risk assessments, not on residual risks. The residual risk is remaining risk after the security controls have been applied. C: Contingency plans depend on risk assessments, not on Security controls. D: Contingency plans depend on risk assessments, not on Business units. References: http://searchdisasterrecovery.techtarget.com/Risk-assessments-in-disaster-recovery-planning-A-free-IT-risk-assessment-template-and-guide

Answer 531

Correct Answer: B The Contingency Planning Coordinator is not responsible to distribute the contingency plan to all employees. Incorrect Answers: A: Once a continuity plan is developed, it actually has to be put into action. The people who are assigned specific tasks need to be taught and informed how to fulfill those tasks, and dry runs must be done to walk people through different situations. The drills should take place at least once a year, and the entire program should be continually updated and improved. C: Version control is critical. A strict version control of the IT contingency should be kept. D: There should be two or three copies of these plans. One copy may be at the primary location, but the other copies should be at other locations in case the primary facility is destroyed. References: , 6th Edition, McGraw-Hill, 2013, p. 951

Answer 532

Correct Answer: D With load balancing, often through clustering, each system takes a part of the processing load, and if one system fails there is an automatic failover to the other systems which continue to work. This guarantees a high availability of the service. Incorrect Answers: A: Systems backups only protects against data loss. It does not product a failure of server. B: Electronic vaulting and remote journaling are transaction redundancy solutions. It protect the system by copying transaction information to a remote location. In case of server failure the database can be restored, but it would require a rebuild of the database. C: RAID protects against a hard disk failures, but it does not protect against other type of server failures. References: , 6th Edition, McGraw-Hill, 2013, p. 1272

Answer 533

Correct Answer: D A BIA (business impact analysis) is considered a functional analysis, in which a team collects data through interviews and documentary sources; documents business functions, activities, and transactions; develops a hierarchy of business functions; and finally applies a classification scheme to indicate each individual functions criticality level. Incorrect Answers: A: A risk assessment includes the identification of potential risk and the evaluation of the potential impact of the risk. A risk assessment is a functional analysis of critical business functions. B: A Business Assessment is a functional analysis of critical business functions. The Business Assessment is an analysis that identifies the resources that are critical to an organizations ongoing viability and the threats posed to those resources. C: A disaster recovery plan focuses on how to recover various IT mechanisms after a disaster. A disaster recovery plan is a functional analysis of critical business functions. References: , 6th Edition, McGraw-Hill, 2013, p. 905

Answer 534

Correct Answer: D A business impact analysis includes identifying critical systems and functions of a company and interviewing representatives from each department. Once managements support is solidified, a business impact analysis needs to be performed to identify the threats the company faces and the potential costs of these threats. Incorrect Answers: A: Identifying critical business units is an initial step of a Business Impact Analysis. Business Impact Analysis focuses on business functions, not on business units. B: Evaluating the impact of disruptive events is an initial step of a Business Impact Analysis. C: Estimating the Recovery Time Objectives is an initial step of a Business Impact Analysis. References: , 6th Edition, McGraw-Hill, 2013, p. 972

Answer 535

Correct Answer: B One of the most important elements of the disaster recovery plan is the selection of alternate processing sites to be used when the primary sites are unavailable. To get the alternate site operational it would need an information technology system similar to equal to the system running on the primary. This would include telecommunication facilities such as internet access. We would also need the data from the primary site to get the alternate site up and running. Incorrect Answers: A: Marketing/Public relations are not the primary concern. Most important is to get an alternate processing site running. C: At a disaster the Information Systems would be disrupted. To get the information systems up and running again we would need an alternate processing site, which requires the data, telecomm, and information systems facilities. D: Facility security relations are not the primary concern. Most important is to get an alternate processing site running. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 655

Answer 536

Correct Answer: A A single plan is Always the best idea. Depending on the size of your organization and the number of people involved in the DRP effort, it may be a good idea to maintain multiple types of Recovery Plans documents. Incorrect Answers: B: A Business Continuity Plan committee needs to be put together. This committee decides course of actions that are implemented in the Business Continuity Plan. C: Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes. D: The Business Continuity Plan risk assessment should include continuity risks due to outsourced vendors and suppliers. Critical vendors should be contacted to ensure that necessary equipment can be obtained. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 661

Answer 537

Correct Answer: B Failure of the contingency plan is usually considered as a management failure. Incorrect Answers: A: A technical failure is not usually thought to be a failure of the contingency plan. C: A lack of awareness is not usually thought to be a failure of the contingency plan. D: Lack of training is not usually thought to be a failure of the contingency plan.

Answer 538

Correct Answer: A Damaged media is A critical part of contingency planning. Incorrect Answers: B: When choosing a backup facility, it should be far enough away from the original site so that one disaster does not take out both locations. C: To protect against disasters a copy of the current contingency plan must be stored away from the main site. D: To protect against disasters at least some of the backups must be stored at another location than the main site. References: , 6th Edition, McGraw-Hill, 2013, p. 953

Answer 539

Correct Answer: A A corrective control, such as business continuity plan (BCP), consists of instructions, procedures, or guidelines used to reverse the effects of an unwanted activity, such as attacks or errors. In particular a BCP is the assessment of a variety of risks to organizational processes and the creation of policies, plans, and procedures to minimize the impact those risks might have on the organization if they were to occur. Incorrect Answers: B: A business continuity plan is A detective control. A detective control is an access control deployed to discover unwanted or unauthorized activity. Examples of detective access controls include security guards, supervising users, incident investigations, and intrusion detection systems (IDSs). C: A preventive control is any security mechanism, tool, or practice that can deter and mitigate undesirable actions or events. A business continuity plan is A preventive control. D: A compensating control is a data security measure that is designed to satisfy the requirement for some other security measure that is deemed too difficult or impractical to implement. A business continuity plan is A compensating control. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 14

Answer 540

Correct Answer: A A Business Impact Analysis (BIA) is performed at the beginning of business continuity planning to identify all the areas of the enterprise that would suffer the greatest financial or operational loss in the event of a disaster or disruption. Incorrect Answers: B: All areas of the operations must be considered, not only the financial an information processing areas. C: All areas of the operations must be considered, not only the operating areas. D: All areas of the operations must be considered, not only the marketing, finance, and information processing areas. References: , 6th Edition, McGraw-Hill, 2013, p. 911

Answer 541

Correct Answer: A A hot site is a backup facility is maintained in constant working order, with a full complement of pre-installed servers and workstations, raised flooring, air conditioning, network equipment including communications links, and UPS ready to assume primary operations responsibilities. Incorrect Answers: B: A site in which space is reserved with pre-installed wiring and raised floors is called a cold site, A hot site. C: A hot site includes pre-installed servers. D: A hot site includes pre-installed servers. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 656

Answer 542

Correct Answer: D Remote journaling is a method of transmitting data offsite. It usually only includes moving the journal or transaction logs to the offsite facility, not the actual files. These logs contain the deltas (changes) that have taken place to the individual files. If and when data are corrupted and need to be restored, the bank can retrieve these logs, which are used to rebuild the lost data. Incorrect Answers: A: Remote journaling does not involve tapes that are sent on an hourly schedule. B: Remote journaling does not involve tapes that are sent on a daily schedule. C: Remote journaling send log files, not transactions, to a remote location. References: , 6th Edition, McGraw-Hill, 2013, pp. 938-939

Answer 543

Correct Answer: C Public Relations is part of the BCP, but it is not part of the BIA. Public relations and Crisis Communication should be part of the BCP. Incorrect Answers: A: IT Network Support is part of both the BCP and the BIA. B: Accounting is part of both the BCP and the BIA. D: Purchasing is part of both the BCP and the BIA. References: , 6th Edition, McGraw-Hill, 2013, p. 905

Answer 544

Correct Answer: A A corrective control, such as business continuity plan (BCP), consists of instructions, procedures, or guidelines used to reverse the effects of an unwanted activity, such as attacks or errors. In particular a BCP is the assessment of a variety of risks to organizational processes and the creation of policies, plans, and procedures to minimize the impact those risks might have on the organization if they were to occur. Incorrect Answers: B: A business continuity plan is A detective control. A detective control is an access control deployed to discover unwanted or unauthorized activity. Examples of detective access controls include security guards, supervising users, incident investigations, and intrusion detection systems (IDSs). C: A preventive control is any security mechanism, tool, or practice that can deter and mitigate undesirable actions or events. A business continuity plan is A preventive control. D: A compensating control is a data security measure that is designed to satisfy the requirement for some other security measure that is deemed too difficult or impractical to implement. A business continuity plan is A compensating control. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 14

Answer 545

Correct Answer: A A Business Impact Analysis (BIA) is performed at the beginning of business continuity planning to identify all the areas of the enterprise that would suffer the greatest financial or operational loss in the event of a disaster or disruption. Incorrect Answers: B: All areas of the operations must be considered, not only the financial an information processing areas. C: All areas of the operations must be considered, not only the operating areas. D: All areas of the operations must be considered, not only the marketing, finance, and information processing areas. References: , 6th Edition, McGraw-Hill, 2013, p. 911

Answer 546

Correct Answer: A A hot site is a backup facility is maintained in constant working order, with a full complement of pre-installed servers and workstations, raised flooring, air conditioning, network equipment including communications links, and UPS ready to assume primary operations responsibilities. Incorrect Answers: B: A site in which space is reserved with pre-installed wiring and raised floors is called a cold site, A hot site. C: A hot site includes pre-installed servers. D: A hot site includes pre-installed servers. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 656

Answer 547

Correct Answer: D Remote journaling is a method of transmitting data offsite. It usually only includes moving the journal or transaction logs to the offsite facility, not the actual files. These logs contain the deltas (changes) that have taken place to the individual files. If and when data are corrupted and need to be restored, the bank can retrieve these logs, which are used to rebuild the lost data. Incorrect Answers: A: Remote journaling does not involve tapes that are sent on an hourly schedule. B: Remote journaling does not involve tapes that are sent on a daily schedule. C: Remote journaling send log files, not transactions, to a remote location. References: , 6th Edition, McGraw-Hill, 2013, pp. 938-939

Answer 548

Correct Answer: C Public Relations is part of the BCP, but it is not part of the BIA. Public relations and Crisis Communication should be part of the BCP. Incorrect Answers: A: IT Network Support is part of both the BCP and the BIA. B: Accounting is part of both the BCP and the BIA. D: Purchasing is part of both the BCP and the BIA. References: , 6th Edition, McGraw-Hill, 2013, p. 905

Answer 549

Correct Answer: D Electronic vaulting makes copies of files as they are modified and periodically transmits them in a bulk to an offsite backup site. Incorrect Answers: A: Electronic vaulting does not use tape backup on an hourly basis. B: Electronic vaulting does not use tape backup on a daily basis. C: Electronic vaulting copies data files not transaction logs. Remote journaling transfer log files. References: , 6th Edition, McGraw-Hill, 2013, pp. 938-939

Answer 550

Correct Answer: D The first business impact assessment (BIA) task facing the BCP team is identifying business priorities. The second quantitative measure that the team must develop is the maximum tolerable downtime (MTD). The final step of the BIA is to prioritize the allocation of business continuity resources to the various risks that you identified and assessed in the preceding tasks of the BIA. Incorrect Answers: A: Continuity planning and data recovery planning are not part of the BIA. B: Business continuity plan development is not part of the BIA. C: Facility planning is not part of the BIA. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 623-624

Answer 551

Correct Answer: C A classification of critical has a maximum tolerable downtime (MTD) in minutes to hours, such as 2 hours. Incorrect Answers: A: A classification as Important would have a MTD of around 72 hours. B: A classification as urgent would have a MTD of around 24 hours. D: There is no MTD classification named vital. The classifications are Nonessential (30 days), Normal (7 days), Important (72 hours), Urgent (24 hours), and Critical/Essential (minutes to hours). References: http://docplayer.net/1184175-Cissp-common-body-of-knowledge-business-continuity-disaster-recovery-planning-domain-version-5-9-2.html

Answer 552

Correct Answer: B A Business Impact Assessment (BIA) supports the mission of the organization by identifying the resources that are critical to an organizations ongoing viability and the threats posed to those resources. The BIA also assesses the likelihood that each threat will actually occur and the impact those occurrences will have on the business. Incorrect Answers: A: BIA is about critical business functions, and about technology. C: While due care concerns using reasonable care to protect the interests of an organization, BIA is about supporting the mission of the organization. D: BIA is about risk assessment. A BIA often takes place prior to a risk assessment. The BIA focuses on the effects or consequences of the interruption to critical business functions and attempts to quantify the financial and non-financial costs associated with a disaster. The business impact assessment looks at the parts of the organization that are most crucial. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 825

Answer 553

Correct Answer: A Organizations must ensure that there is always an executive available to make decisions during a disaster. Executive succession planning determines an organizations line of succession. Executives may become unavailable due to a variety of disasters, ranging from injury and loss of life to strikes, travel restrictions, and medical quarantines. Incorrect Answers: B: The purpose of a Continuity of Operations plan is to maintain operations during a disaster. Continuity of Operations does address chain of command recovery. C: A Business Impact Assessment (BIA) is an analysis that identifies the resources that are critical to an organizations ongoing viability and the threats posed to those resources. A BIA does address chain of command recovery. D: Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes. Business continuity planning does address chain of command recovery. References: , 2nd Edition, Syngress, Waltham, 2012, p. 372

Answer 554

Correct Answer: D In a Structured walk-through test representatives from each department or functional area come together and go over the plan to ensure its accuracy. The group reviews the objectives of the plan; discusses the scope and assumptions of the plan; reviews the organization and reporting structure; and evaluates the testing, maintenance, and training requirements described. Incorrect Answers: A: In a Simulation test the plan is not reviewed in detail. In a Simulation test all employees who participate in operational and support functions, or their representatives, come together to practice executing the disaster recovery plan based on a specific scenario. B: A Checklist test, like a Structured walk-through test, has the aim to review the plan, but in a Checklist test the functional representatives do not meet. Instead copies of the BCP are distributed to the different departments and functional areas for review. C: The purpose of a Parallel test is not to review the plan in detail. A parallel test is done to ensure that the specific systems can actually perform adequately at the alternate offsite facility. References: , 6th Edition, McGraw-Hill, 2013, p. 955

Answer 555

Correct Answer: B Senior management is ultimately responsible for all phases of the plan, and who should be most concerned about the protection of its assets. They must sign off on all policy issues, and they will be held liable for overall success or failure of a security solution. Incorrect Answers: A: If possible the BCP plan should by endorsed by the Executive management staff, but the Executive management staff is not responsible for identifying and prioritizing time-critical systems. C: The BCP committee does not identify and prioritize systems. The BCP committee oversees, initiates, plans, approves, tests and audits the BCP. It also implements the BCP, coordinates activities, approve the BIA survey. The BCP committee also oversees the creation of continuity plans and reviews the results of quality assurance activities D: Functional business units are a part of the BCP committee. Functional business units are not responsible for identifying and prioritizing time-critical system. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 55

Answer 556

Correct Answer: A If the incident response team determines that a crime has been carried out, senior management should be informed immediately. If the suspect is an employee, a human resources representative must be called right away. Incorrect Answers: B: Industrial Security does not need to be involved when an employee is suspected of a crime. C: Public Relations does not need to be involved when an employee is suspected of a crime. D: The External Audit Group does not need to be involved when an employee is suspected of a crime. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1035

Answer 557

Correct Answer: A The computer system should not be changed, while the incident handling is ongoing. System development should not occur during incident handling. Incorrect Answers: B: As part of the ongoing incident handling employees, vendors, customers, partner, devices or sensors report the event to Help Desk. C: System imaging would not affect the ongoing incident handling and should take place to D: The Risk management process would not affect the ongoing incident handling. References: https://en.wikipedia.org/wiki/Computer_security_incident_management

Answer 558

Correct Answer: D The original media should have two copies created: a primary image (a control copy that is stored in a library) and a working image (used for analysis and evidence collection). These should be timestamped to show when the evidence was collected. Displaying the contents of a folder would affect the original media, and would compromise the evidence collection process. Incorrect Answers: A: A write blocker would be a step to secure the integrity of the media. B: Making a full-disk image would be a part of the investigation process. C: To create a message digest for log files would be part of the documentation. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1049

Answer 559

Correct Answer: B In some circumstances, a law enforcement agent may seize evidence that is not included in the warrant, such as if the suspect tries to destroy the evidence. In other words, if there is an impending possibility that evidence might be destroyed, law enforcement may quickly seize the evidence to prevent its destruction. This is referred to as exigent circumstances. Incorrect Answers: A: The exception to the search warrant is called exigent Circumstance, not Evidence Circumstance. C: Admissible evidence is not related to any search warrant. The general rule in evidence is that all relevant evidence is admissible and all irrelevant evidence is inadmissible. D: A search without a warrant can only be executed under exigent circumstances, not under exigent probabilities. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1057

Answer 560

Correct Answer: D Oral evidence, such as a witnesss testimony, and copies of original documents are placed in the secondary evidence category. Secondary evidence is not viewed as reliable and strong in proving innocence or guilt (or liability in civil cases) when compared to best evidence. Incorrect Answers: A: Direct evidence can prove a fact all by itself and does not need backup information to refer to. B: Circumstantial evidence can prove an intermediate fact that can then be used to deduce or assume the existence of another fact. C: Hearsay evidence pertains to oral or written evidence presented in court that is secondhand and has no firsthand proof of accuracy or reliability. Hearsay is even less reliable compared to secondary evidence. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1055

Answer 561

Correct Answer: A Direct evidence can prove a fact all by itself and does not need backup information to refer to. Direct evidence often is based on information gathered from a witnesss five senses. Incorrect Answers: B: Circumstantial evidence can prove an intermediate fact, but not a direct fact by itself. The intermediate fact can then be used to deduce or assume the existence of another fact. C: Conclusive evidence is not collected from the five senses of a witness. Conclusive evidence is irrefutable and cannot be contradicted. Conclusive evidence is very strong all by itself and does not require corroboration. D: Corroborative evidence is supporting evidence used to help prove an idea or point. It cannot stand its own, so it cannot disprove a specific act. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1055

Answer 562

Correct Answer: B Corroborative evidence is supporting evidence used to help prove an idea or point. It cannot stand its own. Incorrect Answers: A: Circumstantial evidence can prove an intermediate fact, but not a direct fact by itself. The intermediate fact can then be used to deduce or assume the existence of another fact. This type of fact is used so the judge or jury will logically assume the existence of a primary fact. C: Opinion evidence would be the opinion of a witness, but the opinion rule dictates that the witness must testify to only the facts of the issue and not her opinion of the facts. D: Secondary evidence is not viewed as reliable and strong in proving innocence or guilt (or liability in civil cases) when compared to best evidence. Oral evidence, such as a witnesss testimony, and copies of original documents are placed in the secondary evidence category. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1055

Answer 563

Correct Answer: D A chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to be presented in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy. Incorrect Answers: A: The immateriality of the evidence is not the most important. It is more important to show how the evidence was collected, analyzed, transported, and preserved. This is called the chain of custody. B: The reliability of the evidence is not the most important. It is more important to show how the evidence was collected, analyzed, transported, and preserved. This is called the chain of custody. C: The process of producing the evidence is not the most important. It is more important to show how the evidence was collected, analyzed, transported, and preserved. This is called the chain of custody. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1050

Answer 564

Correct Answer: B A memory dump identifies the state of the system. Computer-generated evidence that is in the form of routine operational business data or reports and binary disk or memory dumps now constitute exceptions to the rule that computer-generated evidence is hearsay, and is therefore admissible in court. Incorrect Answers: A: A memory dump does not identify the truth, it is identification of the state of the system. C: The state of the memory, the system state, can be admissible as evidence in court. D: The exclusionary rule refers to evidence that is inadmissible. The exclusionary rule is a legal principle in the United States, under constitutional law, which holds that evidence collected or analyzed in violation of the defendant's constitutional rights is sometimes inadmissible for a criminal prosecution in a court of law. References: , 5th Edition, Sybex, Indianapolis, 2011, p. 504

Answer 565

Correct Answer: C If the event is determined to be a real incident, it is identified and classified. Once we understand the severity of the incident taking place, we move on to the next stage, which is investigation. Investigation involves the proper collection of relevant data, which will be used in the analysis and following stages. The goals of these stages are to reduce the impact of the incident, identify the cause of the incident, resume operations as soon as possible, and apply what was learned to prevent the incident from recurring. Incorrect Answers: A: Before we can eliminate intruder access we would have to determine the extent of the intrusion. B: Before containing the intrusion we need to determine the extent of the intrusion. D: Before we can communicate with the relevant parties we need to determine the extent of the intrusion. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1038

Answer 566

Correct Answer: C For a crime to be successfully prosecuted, solid evidence is required. Computer forensics is the art of retrieving this evidence and preserving it in the proper ways to make it admissible in court. Related system information must be captures and recorded. Incorrect Answers: A: To backup up a compromised system is a good idea, but it is not required for prosecution. B: Identifying the attacks would be a useful further step, but first the evidence must be safeguarded. D: To isolate a compromised system is a good idea, but it is not required for prosecution. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1052

Answer 567

Correct Answer: A In a multilevel security (MLS) database system, a trusted front-end is configured. Users connect to the trusted front-end and the trusted front-end connects to the database system. The trusted front end is responsible for directing queries to the correct database processor, for ensuring that there is no illegal flow of information between the database processors, for maintaining data consistency between replicated database fragments, and for properly labeling query responses and sending them back to the appropriate user. In addition, the trusted front end is responsible for user identification and authentication, maintenance of the trusted path to the user, and auditing. Incorrect Answers: B: A trusted back-end is not configured. The back-end would be the database system. Users connect to a trusted-front end which in turn connects to the back-end database system. C: A controller is not the correct term for a system that is configured for a multilevel security database system. D: A kernel is the heart of an operating system. This is not what is configured for a multilevel security database system. References: http://www.acsac.org/secshelf/book001/19.pdf

Answer 568

Correct Answer: D High-level languages enforce coding standards as a specific order to statements is required as well as a syntax that must be used. Incorrect Answers: A: High-level language makes a program easier to code but does not affect the execution times for a program. B: High-level languages have a set syntax that the programmer needs to follow. It does not allow the programmer to define their own syntax. C: High-level languages abstract the actual operation of the computer system such as memory usage, and storage. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1125-1128

Answer 569

Correct Answer: A An online transaction processing system is used in conjunction with a database to commit transactions to a database in real time. The database must maintain its integrity, meaning the data in the database must be accurate at all times. Therefore, transactions must occur correctly or not at all to ensure that that only accurate data are entered into the database. If any of the steps in a transaction fails to complete to due invalid data, all the steps of the transaction are rolled back (dropped). Incorrect Answers: B: Invalid transactions should not be processed as it would affect the accuracy of the data and the integrity of the database. Instead, the transaction should be dropped. C: Writing the transaction to a report for later review would help identify potential problems and/or threats. However, the database must maintain its integrity, meaning the data in the database must be accurate at all times. This means that the invalid transactions should not be allowed as it would compromise the database integrity. Therefore, the transaction should be dropped. D: Generally, an online transaction processing system does not have mechanisms to correct invalid transactions. These transactions are made by information entered into a web form or other front-end interface. The user needs to correct their error and resubmit the information. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1180-1182, 1187-1188 http://en.wikipedia.org/wiki/Online_transaction_processing http://databases.about.com/od/administration/g/concurrency.htm

Answer 570

Correct Answer: A The human error in this answer is poor programming by the software developer. A buffer overflow takes place when too much data are accepted as input to a specific process. A buffer is an allocated segment of memory. A buffer can be overflowed arbitrarily with too much data, but for it to be of any use to an attacker, the code inserted into the buffer must be of a specific length, followed up by commands the attacker wants executed. When a programmer writes a piece of software that will accept data, this data and its associated instructions will be stored in the buffers that make up a stack. The buffers need to be the right size to accept the inputted data. So if the input is supposed to be one character, the buffer should be one byte in size. If a programmer does not ensure that only one byte of data is being inserted into the software, then someone can input several characters at once and thus overflow that specific buffer. Incorrect Answers: B: The Windows Operating system does not cause buffer overflow vulnerabilities. C: Insecure programming languages do not cause buffer overflow vulnerabilities. D: Insecure Transport Protocols do not cause buffer overflow vulnerabilities. References: , 6th Edition, McGraw-Hill, 2013, p. 332

Answer 571

Correct Answer: D Certification and accreditation (C&A) processes are performed before a system can be formally installed in the production environment. Certification is the technical testing and evaluation of a system while accreditation is the formal authorization given by management to allow a system to operate in a specific environment. The accreditation decision is based upon the results of the certification process. This occurs during the acceptance phase. Incorrect Answers: A: The project initiation and planning phase is the initial phase that establishes the need for a system. Nothing has been developed yet to be evaluated, tested, accredited, etc. B: System requirement specifications are gathered in the system design and specifications phase. This phase determines how the system will accomplish design goals and could cover required functionality, compatibility, fault tolerance, extensibility, security, usability, and maintainability. C: During the development & documentation phase programmers are assigned tasks to meet the specifications laid out in the design phase. This is where the system is developed. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 300, 406-407, 1092, 1095

Answer 572

Correct Answer: D A system has a developmental life cycle, which is made up of the following phases: initiation, acquisition/development, implementation, operation/maintenance, and disposal. Collectively these are referred to as a system development life cycle (SDLC). Security is critical in each phase of the life cycle. In the initiation phase the company establishes the need for a specific system. The company has figured out that there is a problem that can be solved or a function that can be carried out through some type of technology. A preliminary risk assessment should be carried out to develop an initial description of the confidentiality, integrity, and availability requirements of the system. The Acquisition/Development phase should include security analysis such as Security functional requirements analysis and Security assurance requirements analysis In the Implementation phase, it may be necessary to carry out certification and accreditation (C&A) processes before a system can be formally installed within the production environment. Certification is the technical testing of a system. In the Operation and Maintenance phase, continuous monitoring needs to take place to ensure that security baselines are always met. Vulnerability assessments and penetration testing should also take place in this phase. These types of periodic testing allow for new vulnerabilities to be identified and remediated. Disposal phase: When a system no longer provides a needed function, plans for how the system and its data will make a transition should be developed. Data may need to be moved to a different system, archived, discarded, or destroyed. If proper steps are not taken during the disposal phase, unauthorized access to sensitive assets can take place. Incorrect Answers: A: Security staff should participate in all phases of the system development life cycle, not just the project initiation and planning phases. B: Security staff should participate in all phases of the system development life cycle, not just the development phase. Documentation is not one of the phases in the system development life cycle. C: System design specifications would happen in the development phase. System design specifications is not a recognized phase in itself. Security staff should participate in all phases of the system development life cycle, not just the development phase. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1087-1093

Answer 573

Correct Answer: A A Pseudo flaw is appearing as a vulnerability in an operating system program but is in actual fact a trap for intruders who may attempt to exploit the vulnerability. Incorrect Answers: B: Pseudocode is an informal high-level description of the operating principle of a software program. It uses some of the syntax and conventions of a programming language, but is intended for human reading rather than machine reading. C: Bounds checking is used to test for violations in application programming. Essentially, it tests the applications response to inputted data and ensures the inputted data are of an acceptable length. D: A page fault is caused when the operating kernel attempts to access a page that is in virtual memory rather than in RAM. This often causes the system to halt. References: http://itlaw.wikia.com/wiki/Pseudo-flaw https://en.wikipedia.org/wiki/Pseudocode , 6th Edition, McGraw-Hill, New York, 2013, p. 334 , 2nd Edition, Syngress, Waltham, 2012, p. 267

Answer 574

Correct Answer: A The Software Capability Maturity Model (CMM) is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes. It introduces five maturity levels that serve as a foundation for conducting continuous process improvement and as an ordinal scale for measuring the maturity of the organization involved in the software processes. CMM has Five Maturity Levels of Software Processes: ✑ The initial level: processes are disorganized, even chaotic. Success is likely to depend on individual efforts, and is not considered to be repeatable as processes would not be sufficiently defined and documented to allow them to be replicated. ✑ The repeatable or managed level: basic project management techniques are established, and successes could be repeated as the requisite processes would have been made established, defined, and documented. ✑ The defined level: an organization has developed its own standard software process through greater attention to documentation, standardization, and integration. The quantatively managed level: an organization monitors and controls its own processes through data collection and analysis. ✑ The optimized level: processes are constantly being improved through monitoring feedback from current processes and introducing innovative processes to better serve the organization's particular needs. Incorrect Answers: B: The Spiral model uses an iterative approach to software development with an emphasis on risk analysis. The iterative approach allows new requirements to be addressed as they are uncovered. Testing takes place early in the development project, and feedback based upon these tests is integrated into the following iteration of steps. The risk analysis ensures that all issues are actively reviewed and analyzed. The evaluation phase allows the customer to evaluate the product in its current state and provide feedback, which is an input value for the following iteration of steps. This is a good model for complex projects that have fluid requirements. C: The Waterfall model uses a linear-sequential life-cycle approach with each phase having to be completed in its entirety before the next phase can begin. At the end of each phase, a review takes place to make sure the project is on the correct path. In this model all requirements are gathered in the initial phase and it is difficult to integrate changes as more information becomes available or requirements change. D: Expert systems is not a model for the development of software products. It is the use artificial intelligence (AI) to solve problems and is also called knowledge- based systems. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 62, 1112, 1115-1116, 1120-1122, 1192 http://en.wikipedia.org/wiki/Capability_Maturity_Model Question #16

Answer 575

Correct Answer: B Debugging provides the basis for the programmer to correct the logic errors in a program under development before it goes into production. Logical errors and coding mistakes are referred to as bugs in the code. Incorrect Answers: A: The process of generating random data that can be sent to a target program in order to trigger failures is called fuzzing. C: Debugging does not protect the program from changes. D: Debugging is not used to compare code versions. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1102-1103, 1105 https://en.wikipedia.org/wiki/Debugging

Answer 576

Correct Answer: D An object-oriented database has classes to define the attributes and procedures of its objects, which can be a variety of data types such as images, audio, documents, and video. This complex data is required for computer-aided design and imaging. Incorrect Answers: A, B, C: Computer-aided development, computer-aided duplexing, and computer-aided processing are not valid computing terms. The correct term is computer- aided design. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1173-1174

Answer 577

Correct Answer: D A relational database model uses attributes (columns) and tuples (rows) to contain and organize information. The relational database model is the most widely used model today. It presents information in the form of tables. A relational database is composed of two-dimensional tables, and each table contains unique rows, columns, and cells (the intersection of a row and a column). Each cell contains only one data value that represents a specific attribute value within a given tuple. These data entities are linked by relationships. The relationships between the data entities provide the framework for organizing data. A primary key is a field that links all the data within a record to a unique value. Data manipulation language (DML) contains all the commands that enable a user to view, manipulate, and use the database (view, add, modify, sort, and delete commands). A constraint is usually associated with a table and is created with a CREATE CONSTRAINT or CREATE ASSERTION SQL statement. They define certain properties that data in a database must comply with. They can apply to a column, a whole table, more than one table or an entire schema. Security structures called referential validation within tables are not an element of a relational database model. Referential integrity is used to ensure all foreign keys reference primary keys. Referential validation is not a security structure within a table. Incorrect Answers: A: Relations, tuples, attributes and domains are elements of a relational database model. B: Data Manipulation Language (DML) is an element of a relational database model. C: Constraints to determine valid ranges and values are an element of a relational database model. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1171-1177

Answer 578

Correct Answer: A A database can be defined as a persistent collection of interrelated data items. Persistency is obtained through the preservation of integrity and through the use of nonvolatile storage media. The description of a database is a schema and a Data Description Language (DDL) defines the schema. Incorrect Answers: B: A database management system is the software that maintains and provides access to the database. This is not what is described in the question. C: Database security restricts access to the database to authorized users and applications. This is not what is described in the question. D: Database shadowing creates a replica of the database on another database server for redundancy purposes. This is not what is described in the question. References: , 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.

Answer 579

Correct Answer: A The domain of a relation is the set of allowable values that an attribute can take. In other words, it is the values that can be entered in a column (attribute) of a table (relation). References: , 5th Edition, Wiley Publishing, Indianapolis, 2011, p. 272

Answer 580

Correct Answer: D SQL offers three classes of operators for creating views: select, project, and join. ✑ The select operator serves to shrink the table vertically by eliminating unwanted rows (tuples). ✑ The project operator serves to shrink the table horizontally by removing unwanted columns (attributes). Most commercial implementations of SQL do not support a project operation, instead projections are achieved by specifying the columns desired in the output. ✑ The join operator allows the dynamic linking of two tables that share a common column value. Incorrect Answers: A: SQL offers three classes of operators for creating views: select, project, and join. However, modern implementations of SQL do not support a project operation, instead projections are achieved by specifying the columns desired in the output. Nevertheless, project is a SQL operator. B: Insert is a SQL command used to insert data into a table. It is not used to output a view. C: Create is a SQL command used to create a new database, table, view, or index. However, the data or output of the view requires a select statement to shrink the table vertically by not showing unwanted rows, a project operation that shrinks the table horizontally by not showing unwanted columns, and a join statement when data from more than one table is required. References: http://db.grussell.org/section010.html http://databasemanagement.wikia.com/wiki/Relational_Database_Model

Answer 581

Correct Answer: A An object-oriented database (OODB) has classes to define the attributes and procedures of its objects, which can be a variety of data types such as images, audio, documents, and video. This complex data is required for computer-aided design and imaging. Incorrect Answers: B: An object-relational database (ORD) is a relational database with a software front end that is written in an object-oriented programming language and is used with Object-Oriented Databases (OODB). It does not store data. C: A relational database organizes data into two-dimensional tables consisting of attributes (columns) and tuples (rows). It is not suited to storing complex data types such as video, graphics, etc. D: The database management system (DBMS) is a software suite that is used to manage access to the database and provides data integrity and redundancy. It is usually controlled by a database administrator. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1170, 1171, 1173-1174, 1175

Answer 582

Correct Answer: B Polyinstantiation enables a table, which is also known as a relation, to contain multiple tuples with the same primary keys, with each instance distinguished by a security level. At a lower security level the tuple will not contain sensitive data and it will effectively be hidden from users who do not have the appropriate access permissions. Incorrect Answers: A: Data mining is the process of analyzing large amounts of data to determine patterns that would not previously be apparent. C: Cell suppression is a technique used to hide specific cells in a database that contain information that could be used in inference attacks. D: Noise and perturbation is a technique of inserting fake information in a database in an attempt to misdirect an attacker or create sufficient confuse that the actual attack will not be fruitful. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1185, 1186, 1188

Answer 583

Correct Answer: B Interpreters translate one command at a time during run-time or execution time. Incorrect Answers: A: A translator converts source code to another format, which could be another high-level language, an intermediate language, or machine language. C: A compiler converts high-level language source code to the necessary a target language for specific processors to understand. D: An assembler converts assembly language source code into machine code that the computer understands. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1128-1130

Answer 584

Correct Answer: D Component Object Model (COM) is a model that allows for interprocess communication within one application or between applications on the same computer system. The model was created by Microsoft and outlines standardized APIs, component naming schemes, and communication standards. So if I am a developer and I want my application to be able to interact with the Windows operating system and the different applications developed for this platform, I will follow the COM outlined standards. Distributed Component Object Model (DCOM) supports the same model for component interaction, and also supports distributed interprocess communication (IPC). COM enables applications to use components on the same systems, while DCOM enables applications to access objects that reside in different parts of a network. So this is how the client/server-based activities are carried out by COM-based operating systems and/or applications. Incorrect Answers: A: Dynamic Data Exchange (DDE) allows information to be shared or communicated between programs on one computer, not across networked computers. B: Object linking and embedding (OLE) provides a way for objects to be shared on a local personal computer and to use COM as their foundation. OLE enables objectssuch as graphics, clipart, and spreadsheetsto be embedded into documents. This is not what is described in the question. C: Open Database Connectivity (ODBC) is an API that allows an application to communicate with a database, either locally or remotely. This is not what is described in the question. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1146, 1176

Answer 585

Correct Answer: C Distributed Computing Environment (DCE) does provide the same functionality as DCOM, but it is NOT more proprietary than DCOM. Distributed Computing Environment (DCE) is a standard developed by the Open Software Foundation (OSF), also called Open Group. It is a client/server framework that is available to many vendors to use within their products. This framework illustrates how various capabilities can be integrated and shared between heterogeneous systems. DCE provides a Remote Procedure Call (RPC) service, security service, directory service, time service, and distributed file support. It was one of the first attempts at distributed computing in the industry. DCE is a set of management services with a communications layer based on RPC. It is a layer of software that sits on the top of the network layer and provides services to the applications above it. DCE and Distributed Component Object Model (DCOM) offer much of the same functionality. DCOM, however, was developed by Microsoft and is more proprietary in nature. Incorrect Answers: A: It is true that DCE is a layer of software that sits on the top of the network layer and provides services to the applications above it. B: It is true that DCE uses a Universal Unique Identifier (UUID) to uniquely identify users, resources and components. D: It is true that DCE is a set of management services with a communication layer based on RPC. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1146, 1142

Answer 586

Correct Answer: A Constrained user interfaces limit users access abilities by not allowing them to request certain functions or information, or to have access to specific system resources. Incorrect Answers: C: Mini user interfaces are designed for hand-held devices like smartphones. References: , 6th Edition, McGraw-Hill, 2013, pp. 228 http://www.reinteract.org/design/mini.html

Answer 587

Correct Answer: C A padded cell system is used in Intrusion Detection Systems (IDSs) and is similar to a honeypot. When an IDS detects an intruder, that intruder is automatically transferred to a padded cell. The padded cell has the look and layout of the actual network, but within the padded cell the intruder can neither perform malicious activities nor access any confidential data. Incorrect Answers: A: Noise and perturbation is a database security technique of inserting fake information in the database to misdirect an attacker or cause confusion on the part of the attacker that the actual attack will not be fruitful. B: Cell suppression is a database security technique used to hide specific cells in a database that contain information that could be used in inference attacks. D: Partitioning is a database security technique that involves dividing the database into different parts, which makes it much harder for an unauthorized individual to find connecting pieces of data that can be brought together and other information that can be deduced or uncovered. References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1185 , 5th Edition, Wiley Publishing, Indianapolis, 2011, p. 58

Answer 588

Correct Answer: A In database design, the cardinality or fundamental principle of one data table with respect to another is a critical aspect. The relationship of one to the other must be precise and exact between each other in order to explain how each table links together. In the relational model, tables can be related as any of "one-to-many" or "many-to-many." This is said to be the cardinality of a given table in relation to another. Incorrect Answers: B: The number of columns in a relation would be the size of the key. It is not the cardinality of the relation. C: Cardinality concerns the relation between two tables, not allowable attributes. D: Cardinality concerns one specific relation between two tables, not the number of relations in a database. References: https://en.wikipedia.org/wiki/Cardinality_(data_modeling)

Answer 589

Correct Answer: D Backward chaining (or backward reasoning) is an inference method that can be described as working backward from the goal/hypothesis. It is used in automated theorem provers, inference engines, proof assistants and other artificial intelligence applications. Incorrect Answers: A: A blackboard system is an artificial intelligence application based on the blackboard architectural model, where a common knowledge base, the "blackboard", is iteratively updated by a diverse group of specialist knowledge sources, starting with a problem specification and ending with a solution. B: Lateral chaining is not one of the expert system operating modes. C: Forward chaining is the opposite of backward chaining. Forward chaining starts with the available data and uses inference rules to extract more data until a goal (hypothesis) is reached. References: https://en.wikipedia.org/wiki/Backward_chaining

Answer 590

Correct Answer: A A rootkit is a set of tools placed on a system that has already been compromised. The attacker usually replaces default system tools with compromised tools, which share the same name. Most rootkits contain sniffers, so the data can be captured and reviewed by the attacker; and "log scrubbers," which remove traces of the attackers activities from the system logs. Incorrect Answers: B: A user-level rootkit does not have as much access or privilege compared to a kernel-level rootkit and would not include device drivers. C: Malware is a very broad term that describes any software that is written to do something nefarious. D: Kernel-mode Badware is not a valid computer term. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1202-1204

Answer 591

Correct Answer: D A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism. The channel to transfer this unauthorized data is the result of one of the following conditions: ✑ Improper oversight in the development of the product ✑ Improper implementation of access controls within the software ✑ Existence of a shared resource between the two entities which are not properly controlled By using a shared resource matrix a covert channel can be located. Incorrect Answers: A: A shared resource matrix is not used to locate malicious code. Malicious code, such as viruses or Trojan horses, is used to infect a computer to make it available for takeover and remote control. B: A shared resource matrix is not used to locate the security flaw of covert channels, but not to locate security flaws in general. C: You do not use a shared resource matrix to locate a trapdoor. A backdoor (or trapdoor) in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, or obtaining access to plaintext while attempting to remain undetected. The backdoor may take the form of a hidden part of a program; a separate program (e.g., Back Orifice) may subvert the system through a rootkit. References: , 2nd Edition, Syngress, Waltham, 2012, p. 378

Answer 592

Correct Answer: C Polyinstantiation enables a table, which is also known as a relation, to contain multiple tuples with the same primary keys, with each instance distinguished by a security level. Incorrect Answers: A: A relational database management system (RDBMS) is a database management system (DBMS) that is based on the relational model. The database management system (DBMS) is a software suite that is used to manage access to the database and provides data integrity and redundancy. It is usually controlled by a database administrator. B: Polymorphism is a concept in object-oriented programming in which objects are created from the same parent class but have overload operators and performing different methods. D: Polyinstantiation does allow a relation (table) to contain multiple tuples (rows) with the same primary key. References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 1136, 1170, 1186 http://en.wikipedia.org/wiki/Polyinstantiation https://en.wikipedia.org/wiki/Relational_database_management_system https://en.wikipedia.org/wiki/Polymorphism_(computer_science)

Answer 593

Correct Answer: C The purpose of trusted distribution is to ensure that the Trusted Computing Base is not tampered with during shipment or installation. Hostile attacks may occur on computer systems when they are in use, but it is also possible for computer systems to be attacked even before they are installed at a customer site. Trusted distribution is one link in a chain of assurances provided by trusted systems. It is helpful to take a look at all of the other activities that take place to ensure that the system in operation is the one that the vendor and customer agree upon. The following is a summary of the assurances that are needed to ensure that the product delivered to a customer site is operating under a correct implementation of the system's security policy: ✑ Assurance that the product evaluated is the one the manufacturer built ✑ Assurance that the product built is the one that was sent ✑ Assurance that the product sent is the one the customer site received. Incorrect Answers: A: It is not the purpose of trusted distribution to ensure that messages sent from a central office to remote locations are free from tampering. B: It is not the purpose of trusted distribution to prevent the sniffing of data as it travels through an untrusted network enroute to a trusted network. D: It is not the purpose of trusted distribution to ensure that messages received at the Trusted Computing Base are not old messages being resent as part of a replay attack. References: http://home.bi.no/fag86013/annet/trdistgd.html

Answer 594

Correct Answer: B The Pretty Good Privacy (PGP) email encryption system was developed by Phil Zimmerman. For encrypting messages, it actually uses AES with up to 256-bit keys, CAST, TripleDES, IDEA and Twofish. RSA is also used in PGP, but only for symmetric key exchange and for digital signatures, but not for encryption. Cryptography (pages 154, 169). More info on PGP can be found on their site at http://www.pgp.com/display.php?pageID=29

Answer 595

Correct Answer: A In computer science, hierarchical protection domains, often called protection rings, are a mechanism to protect data and functionality from faults (fault tolerance) and malicious behavior (computer security). This approach is diametrically opposite to that of capability based security. Computer operating systems provide different levels of access to resources. A protection ring is one of two or more hierarchical levels or layers of privilege within the architecture of a computer system. This is generally hardware-enforced by some CPU architectures that provide different CPU modes at the hardware or microcode level. Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most operating systems, Ring 0 is the level with the most privileges and interacts most directly with the physical hardware such as the CPU and memory. Special gates between rings are provided to allow an outer ring to access an inner ring's resources in a predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can improve security by preventing programs from one ring or privilege level from misusing resources intended for programs in another. For example, spyware running as a user program in Ring 3 should be prevented from turning on a web camera without informing the user, since hardware access should be a Ring 1 function reserved for device drivers. Programs such as web browsers running in higher numbered rings must request access to the network, a resource restricted to a lower numbered ring. Ring Architecture - References: OIG CBK Security Architecture and Models (page 311) https://en.wikipedia.org/wiki/Ring_%28computer_security%29

Answer 596

Correct Answer: A Pipelining is a natural concept in everyday life, e.g. on an assembly line. Consider the assembly of a car: assume that certain steps in the assembly line are to install the engine, install the hood, and install the wheels (in that order, with arbitrary interstitial steps). A car on the assembly line can have only one of the three steps done at once. After the car has its engine installed, it moves on to having its hood installed, leaving the engine installation facilities available for the next car. The first car then moves on to wheel installation, the second car to hood installation, and a third car begins to have its engine installed. If engine installation takes 20 minutes, hood installation takes 5 minutes, and wheel installation takes 10 minutes, then finishing all three cars when only one car can be assembled at once would take 105 minutes. On the other hand, using the assembly line, the total time to complete all three is 75 minutes. At this point, additional cars will come off the assembly line at 20 minute increments. In computing, a pipeline is a set of data processing elements connected in series, so that the output of one element is the input of the next one. The elements of a pipeline are often executed in parallel or in time-sliced fashion; in that case, some amount of buffer storage is often inserted between elements. Pipelining is used in processors to allow overlapping execution of multiple instructions within the same circuitry. The circuitry is usually divided into stages, including instruction decoding, arithmetic, and register fetching stages, wherein each stage processes one instruction at a time. The following were not correct answers: CISC: is a CPU design where single instructions execute several low-level operations (such as a load from memory, an arithmetic operation, and a memory store) within a single instruction. RISC: is a CPU design based on simplified instructions that can provide higher performance as the simplicity enables much faster execution of each instruction. Multitasking: is a method where multiple tasks share common processing resources, such as a CPU, through a method of fast scheduling that gives the appearance of parallelism, but in reality only one task is being performed at any one time. Reference: http://en.wikipedia.org/wiki/Pipeline_(computing)

Answer 597

Correct Answer: A Very long instruction word (VLIW) describes a computer processing architecture in which a language compiler or pre-processor breaks program instruction down into basic operations that can be performed by the processor in parallel (that is, at the same time). These operations are put into a very long instruction word which the processor can then take apart without further analysis, handing each operation to an appropriate functional unit. The following answer are incorrect: The term "CISC" (complex instruction set computer or computing) refers to computers designed with a full set of computer instructions that were intended to provide needed capabilities in the most efficient way. Later, it was discovered that, by reducing the full set to only the most frequently used instructions, the computer would get more work done in a shorter amount of time for most applications. Intel's Pentium microprocessors are CISC microprocessors. The PowerPC microprocessor, used in IBM's RISC System/6000 workstation and Macintosh computers, is a RISC microprocessor. RISC takes each of the longer, more complex instructions from a CISC design and reduces it to multiple instructions that are shorter and faster to process. RISC technology has been a staple of mobile devices for decades, but it is now finally poised to take on a serious role in data center servers and server virtualization. The latest RISC processors support virtualization and will change the way computing resources scale to meet workload demands. A superscalar CPU architecture implements a form of parallelism called instruction level parallelism within a single processor. It therefore allows faster CPU throughput than would otherwise be possible at a given clock rate. A superscalar processor executes more than one instruction during a clock cycle by simultaneously dispatching multiple instructions to redundant functional units on the processor. Each functional unit is not a separate CPU core but an execution resource within a single CPU such as an arithmetic logic unit, a bit shifter, or a multiplier. References: http://whatis.techtarget.com/definition/0,,sid9_gci214395,00.html http://searchcio-midmarket.techtarget.com/definition/CISC http://en.wikipedia.org/wiki/Superscalar

Answer 598

Correct Answer: A Effective address = address as given in instruction. This requires space in an instruction for quite a large address. It is often available on CISC machines which have variable-length instructions, such as x86. Some RISC machines have a special Load Upper Literal instruction which places a 16-bit constant in the top half of a register. An OR literal instruction can be used to insert a 16-bit constant in the lower half of that register, so that a full 32-bit address can then be used via the register-indirect addressing mode, which itself is provided as "base-plus-offset" with an offset of 0. http://en.wikipedia.org/wiki/Addressing_mode http://www.comsci.us/ic/notes/am.html

Answer 599

Correct Answer: C Internal consistency ensures that internal data is consistent, the subtotals match the total number of units in the data base. Internal Consistency, External Consistency, Well formed transactions are all terms related to the Clark-Wilson Model. The Clark-Wilson model was developed after Biba and takes some different approaches to protecting the integrity of information. This model uses the following elements: ✑ Users Active agents ✑ Transformation procedures (TPs) Programmed abstract operations, such as read, write, and modify ✑ Constrained data items (CDIs) Can be manipulated only by TPs ✑ Unconstrained data items (UDIs) Can be manipulated by users via primitive read and write operations ✑ Integrity verification procedures (IVPs) Check the consistency of CDIs with external reality Although this list may look overwhelming, it is really quite straightforward. When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset that does not require a high level of protection, which is called an unconstrained data item (UDI). Users cannot modify critical data (CDI) directly. Instead, the subject (user) must be authenticated to a piece of software, and the software procedures (TPs) will carry out the operations on behalf of the user. For example, when Kathy needs to update information held within her companys database, she will not be allowed to do so without a piece of software controlling these activities. First, Kathy must authenticate to a program, which is acting as a front end for the database, and then the program will control what Kathy can and cannot do to the information in the database. This is referred to as access triple: subject (user), program (TP), and object (CDI). A user cannot modify CDI without using a TP. Well Formed Transactions A well-formed transaction is a series of operations that are carried out to transfer the data from one consistent state to the other. If Kathy transfers money from her checking account to her savings account, this transaction is made up of two operations: subtract money from one account and add it to a different account. By making sure the new values in her checking and savings accounts are accurate and their integrity is intact, the IVP maintains internal and external consistency. The Clark-Wilson model also outlines how to incorporate separation of duties into the architecture of an application. If we follow our same example of banking software, if a customer needs to withdraw over $ 10,000, the application may require a supervisor to log in and authenticate this transaction. This is a countermeasure against potential fraudulent activities. The model provides the rules that the developers must follow to properly implement and enforce separation of duties through software procedures. Incorrect Answers: A: External consistency is where the data matches the real world. If you have an automated inventory system the numbers in the data must be consistent with what your stock actually is. th Edition (Kindle Locations 8188-8195). McGraw-Hill. Kindle Edition.

Answer 600

Correct Answer: A The ability of a TCB to correctly enforce a security policy depends solely on the mechanisms within it and the correct input by system administrative personnel of parameters related to security policy. For example, if Jane only has a "CONFIDENTIAL" clearance, a system administrator could foil the correct operation of a TCB by providing input to the system that gave her a "SECRET" clearance. "It is defined in the Orange Book" is an incorrect choice. The TCB is defined in the Orange Book (TCSEC or Trusted Computer System Evaluation Criteria). "It includes hardware, firmware and software" is incorrect. The TCB does includes the combination of all hardware, firmware and software responsible for enforcing the security policy. "A higher TCB rating will require that details of their testing procedures and documentation be reviewed with more granularity" is incorrect. As the level of trust increases (D through A), the level of scrutiny required during evaluation increases as well. References: CBK, pp. 323 - 324, 329 330 AIO3, pp.269 272.

Answer 601

Correct Answer: B An overt channel is a path within a computer system or network that is designed for the authorized transfer of data. The opposite would be a covert channel which is an unauthorized path. A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism. This type of information path was not developed for communication; thus, the system does not properly protect this path, because the developers never envisioned information being passed in this way. Receiving information in this manner clearly violates the systems security policy. 219.

Answer 602

Correct Answer: A It was David Bell and Leonard LaPadula who, in 1973, first described the DoD multilevel military security policy in abstract, formal terms. The Bell-LaPadula is a Mandatory Access Control (MAC) model concerned with confidentiality. Rivest, Shamir and Adleman (RSA) developed the RSA encryption algorithm. Whitfield Diffie and Martin Hellman published the Diffie-Hellman key agreement algorithm in 1976. David Clark and David Wilson developed the Clark-Wilson integrity model, more appropriate for security in commercial activities. References: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (pages 78,109).

Answer 603

Correct Answer: A A protection domain consists of the execution and memory space assigned to each process. The purpose of establishing a protection domain is to protect programs from all unauthorized modification or executional interference. The security perimeter is the boundary that separates the Trusted Computing Base (TCB) from the remainder of the system. Security labels are assigned to resources to denote a type of classification. Abstraction is a way to protect resources in the fact that it involves viewing system components at a high level and ignoring its specific details, thus performing information hiding. Chapter 5: Security Architecture and Models (page 193).

Answer 604

Correct Answer: D Accreditation: is an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards. It is usually based on a technical certification of the system's security mechanisms. Certification: Technical evaluation (usually made in support of an accreditation action) of an information system\'s security features and other safeguards to establish the extent to which the system\'s design and implementation meet specified security requirements. References: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.

Answer 605

Correct Answer: B

Answer 606

Correct Answer: A A trusted shell means that someone who is working in that shell cannot "bust out of it", and other processes cannot "bust into it". 323).

Answer 607

Correct Answer: A From the official guide: "The publication of the Common Criteria as the ISO/IEC 15408 standard provided the first truly international product evaluation criteria. It has largely superseded all other criteria, although there continue to be products in general use that were certified under TCSEC, ITSEC and other criteria. It takes a very similar approach to ITSEC by providing a flexible set of functional and assurance requirements, and like ITSEC, it is not very proscriptive as TCSEC had been. Instead, it is focused on standardizing the general approach to product evaluation and providing mutual recognition of such evaluations all over the world." Incorrect Answers: B: ISO 27001 ISO/IEC 27000 is part of a growing family of ISO/IEC Information Security Management Systems (ISMS) standards, the 'ISO/IEC 27000 series'. ISO/IEC 27000 is an international standard entitled: Information technology Security techniques Information security management systems Overview and vocabulary. C: ISO 14000 is a family of standards related to environmental management that exists to help organizations (a) minimize how their operations (processes etc.) negatively affect the environment (i.e. cause adverse changes to air, water, or land); (b) comply with applicable laws, regulations, and other environmentally oriented requirements, and (c) continually improve in the above. ISO 14000 is similar to ISO 9000 quality management in that both pertain to the process of how a product is produced, rather than to the product itself. As with ISO 9000, certification is performed by third-party organizations rather than being awarded by ISO directly. The ISO 19011 audit standard applies when auditing for both 9000 and 14000 compliance at once. The requirements of ISO 14000 are an integral part of the European Unions environmental management scheme EMAS. EMASs structure and material requirements are more demanding, foremost concerning performance improvement, legal compliance and reporting duties. D: ISO/TS 22002- Prerequisite programmes on food safetyPart 1: Food manufacturing https://en.wikipedia.org/wiki/ISO_14000 https://en.wikipedia.org/wiki/ISO/IEC_27000 https://en.wikipedia.org/wiki/ISO_22000

Answer 608

Correct Answer: B The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment. Platform-as-a-Service (PaaS) is a model of service delivery whereby the computing platform is provided as an on-demand service upon which applications can be developed and deployed. Its main purpose is to reduce the cost and complexity of buying, housing, and managing the underlying hardware and software components of the platform, including any needed program and database development tools. The development environment is typically special purpose, determined by the cloud provider and tailored to the design and architecture of its platform. The cloud consumer has control over applications and application environment settings of the platform. Security provisions are split between the cloud provider and the cloud consumer. Incorrect Answers: C: Software-as-a-Service (SaaS) is a model of service delivery whereby one or more applications and the computational resources to run them are provided for use on demand as a turnkey service. Its main purpose is to reduce the total cost of hardware and software development, maintenance, and operations. Security provisions are carried out mainly by the cloud provider. The cloud consumer does not manage or control the underlying cloud infrastructure or individual applications, except for preference selections and limited administrative application settings. D: Infrastructure-as-a-Service (IaaS) is a model of service delivery whereby the basic computing infrastructure of servers, software, and network equipment is provided as an on- demand service upon which a platform to develop and execute applications can be established. Its main purpose is to avoid purchasing, housing, and managing the basic hardware and software infrastructure components, and instead obtain those resources as virtualized objects controllable via a service interface. The cloud consumer generally has broad freedom to choose the operating system and development environment to be hosted. Security provisions beyond the basic infrastructure are carried out mainly by the cloud consumer D: Code as a Service does not exist. There is no such service model.

Answer 609

Correct Answer: A

Answer 610

Correct Answer: D Hackers are classified as a human threat and not a classification by itself. All the other answers are incorrect. Threats result from a variety of factors, although they are classified in three types: Natural (e.g., hurricane, tornado, flood and fire), human (e.g. operator error, sabotage, malicious code) or technological (e.g. equipment failure, software error, telecommunications network outage, electric power failure). References: SWANSON, Marianne, & al., National Institute of Standards and Technology (NIST), http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata- Nov11-2010.pdf, June 2002 (page 6).

Answer 611

Correct Answer: A The Criticality Survey is implemented through a standard questionnaire to gather input from the most knowledgeable people. Not all personnel that is going to be part of recovery teams is necessarily able to help in identifying critical functions of the organization. The intent of such a survey is to identify the services and systems that are critical to the organization. Having a clearly stated purpose for the survey helps in avoiding misinterpretations. Management's approval of the survey should be obtained before distributing it.

Answer 612

Correct Answer: B In general, reliability (systemic def.) is the ability of a person or system to perform and maintain its functions in routine circumstances, as well as hostile or unexpected circumstances. Mean-time-between failure (MTBF) is the average length of time the hardware is functional without failure. Mean-time-to-repair is the amount of time it takes to repair and resume normal operation after a failure has occurred. Having a higher MTBF and a lower MTTR will increase the reliability of a piece of equipment, thus the system's overall reliability. Planning & Disaster Recovery Planning (page 496). http://en.wikipedia.org/wiki/Reliability

Answer 613

Correct Answer: C

Answer 614

Correct Answer: B The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 4. Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use. Common Criteria is used as the basis for a Government driven certification scheme and typically evaluations are conducted for the use of Federal Government agencies and critical infrastructure. References: http://en.wikipedia.org/wiki/Common_Criteria

Answer 615

Correct Answer: C An investigator's notebook cannot be used as evidence is court. It can only be used by the investigator to refresh his memory during a proceeding, but cannot be submitted as evidence in any form. Incorrect Answers: A: When the investigator is unwilling to testify. Is incorrect because the notebook cannot be submitted as evidence in any form. B: When other forms of physical evidence are not available. Is incorrect because the notebook cannot be submitted as evidence in any form. D: If the defense has no objections. Is incorrect because the notebook cannot be submitted as evidence in any form.

Answer 616

Correct Answer: A A red box is a phreaking device that generates tones to simulate inserting coins in pay phones, thus fooling the system into completing free calls. In the US, a dime is represented by two tones, a nickel by one, and a quarter by a set of 5 tones. Any device capable of playing back recorded sounds can potentially be used as a red box. Commonly used devices include modified Radio Shack tone dialers, personal MP3 players, and audio- recording greeting cards. BLUE BOX An early phreaking tool, the blue box is an electronic device that simulates a telephone operator's dialing console. It functions by replicating the tones used to switch long-distance calls and using them to route the user's own call, bypassing the normal switching mechanism. The most typical use of a blue box was to place free telephone calls - inversely, the Black Box enabled one to receive calls which were free to the caller. The blue box no longer works in most western nations, as modern switching systems are now digital and no longer use the inband signaling which the blue box emulates. Instead, signaling occurs on an out-of-band channel which cannot be accessed from the line the caller is using (called Common Channel Interoffice Signaling (CCIS)). BLACK BOX The black box (as distinguished from blue boxes and red boxes), sometimes called an Agnew (see Spiro (device) for the origin of the nickname), was a device built by phone phreaks during the 1960s and 1970s in order to defeat long distance phone call toll charges, and specifically to block the supervision signal sent by the receiving telephone handset when the call was answered at the receiving end of the call. The act of picking up the handset of a telephone causes a load to be put on the telephone line, so that the DC voltage on the line drops below the approximately 45 volts present when the phone is disconnected. The black box consisted of a large capacitor which was inserted in series with the telephone, thereby blocking DC current but allowing AC current (i.e., ringing signal and also audio signal) to pass. When the black box was switched into the telephone line, the handset could be picked up without the telephone system knowing and starting the billing process. In other words, the box fooled the phone company into thinking no one had answered at the receiving end, and therefore billing was never started on the call. WHITE BOX The white box is simply a portable Touch-Tone Keypad. References: http://en.wikipedia.org/wiki/Red_box_(phreaking) http://en.wikipedia.org/wiki/Blue_box http://www.bombshock.com/archive/Phreaking_and_Phone_Systems/Box_Plans/

Answer 617

Correct Answer: B

Answer 618

Correct Answer: D Administrative/regulatory law deals with regulatory standards that regulate performance and conduct. Government agencies create these standards, which are usually applied to companies and individuals within those companies.

Answer 619

Correct Answer: B To understand the whys in crime, many times it is necessary to understand the Motivations, Opportunities, and Means (MOM). Motivations are the who and why of a crime. Opportunities are the where and when of a crime, and Means pertains to the capabilities a criminal would need to be successful. Methods is not a component of MOM.

Answer 620

Correct Answer: D The Fourth Amendment does not apply to a seizure or an arrest by private citizens. Search and seizure activities can get tricky depending on what is being searched for and where. For example, American citizens are protected by the Fourth Amendment against unlawful search and seizure, so law enforcement agencies must have probable cause and request a search warrant from a judge or court before conducting such a search. The actual search can only take place in the areas outlined by the warrant. The Fourth Amendment does not apply to actions by private citizens unless they are acting as police agents. So, for example, if Kristys boss warned all employees that the management could remove files from their computers at any time, and her boss was not a police officer or acting as a police agent, she could not successfully claim that her Fourth Amendment rights were violated. Kristys boss may have violated some specific privacy laws, but he did not violate Kristys Fourth Amendment rights. In some circumstances, a law enforcement agent may seize evidence that is not included in the warrant, such as if the suspect tries to destroy the evidence. In other words, if there is an impending possibility that evidence might be destroyed, law enforcement may quickly seize the evidence to prevent its destruction. This is referred to as exigent circumstances, and a judge will later decide whether the seizure was proper and legal before allowing the evidence to be admitted. For example, if a police officer had a search warrant that allowed him to search a suspects living room but no other rooms, and then he saw the suspect dumping cocaine down the toilet, the police officer could seize the cocaine even though it was in a room not covered under his search warrant. After evidence is gathered, the chain of custody needs to be enacted and enforced to make sure the evidences integrity is not compromised.

Answer 621

Correct Answer: A The exclusionary rule mentions that evidence must be gathered legally or it can't be used. The principle based on federal Constitutional Law that evidence illegally seized by law enforcement officers in violation of a suspect's right to be free from unreasonable searches and seizures cannot be used against the suspect in a criminal prosecution. The exclusionary rule is designed to exclude evidence obtained in violation of a criminal defendant's Fourth Amendment rights. The Fourth Amendment protects against unreasonable searches and seizures by law enforcement personnel. If the search of a criminal suspect is unreasonable, the evidence obtained in the search will be excluded from trial. The exclusionary rule is a court-made rule. This means that it was created not in statutes passed by legislative bodies but rather by the U.S. Supreme Court. The exclusionary rule applies in federal courts by virtue of the Fourth Amendment. The Court has ruled that it applies in state courts although the due process clause of the Fourteenth Amendment. (The Bill of Rightsthe first ten amendments applies to actions by the federal government. The Fourteenth Amendment, the Court has held, makes most of the protections in the Bill of Rights applicable to actions by the states.) The exclusionary rule has been in existence since the early 1900s. Before the rule was fashioned, any evidence was admissible in a criminal trial if the judge found the evidence to be relevant. The manner in which the evidence had been seized was not an issue. This began to change in 1914, when the U.S. Supreme Court devised a way to enforce the Fourth Amendment. In Weeks v. United States, 232 U.S. 383, 34 S. Ct. 341, 58 L. Ed. 652 (1914), a federal agent had conducted a warrantless search for evidence of gambling at the home of Fremont Weeks. The evidence seized in the search was used at trial, and Weeks was convicted. On appeal, the Court held that the Fourth Amendment barred the use of evidence secured through a warrantless search. Weeks's conviction was reversed, and thus was born the exclusionary rule. The best evidence rule concerns limiting potential for alteration. The best evidence rule is a common law rule of evidence which can be traced back at least as far as the 18th century. In Omychund v Barker (1745) 1 Atk, 21, 49; 26 ER 15, 33, Lord Harwicke stated that no evidence was admissible unless it was "the best that the nature of the case will allow". The general rule is that secondary evidence, such as a copy or facsimile, will be not admissible if an original document exists, and is not unavailable due to destruction or other circumstances indicating unavailability. The rationale for the best evidence rule can be understood from the context in which it arose: in the eighteenth century a copy was usually made by hand by a clerk (or even a litigant). The best evidence rule was predicated on the assumption that, if the original was not produced, there was a significant chance of error or fraud in relying on such a copy. The hearsay rule concerns computer-generated evidence, which is considered second- hand evidence. Hearsay is information gathered by one person from another concerning some event, condition, or thing of which the first person had no direct experience. When submitted as evidence, such statements are called hearsay evidence. As a legal term, "hearsay" can also have the narrower meaning of the use of such information as evidence to prove the truth of what is asserted. Such use of "hearsay evidence" in court is generally not allowed. This prohibition is called the hearsay rule. For example, a witness says "Susan told me Tom was in town". Since the witness did not see Tom in town, the statement would be hearsay evidence to the fact that Tom was in town, and not admissible. However, it would be admissible as evidence that Susan said Tom was in town, and on the issue of her knowledge of whether he was in town. Hearsay evidence has many exception rules. For the purpose of the exam you must be familiar with the business records exception rule to the Hearsay Evidence. The business records created during the ordinary course of business are considered reliable and can usually be brought in under this exception if the proper foundation is laid when the records are introduced into evidence. Depending on which jurisdiction the case is in, either the records custodian or someone with knowledge of the records must lay a foundation for the records. Logs that are collected as part of a document business process being carried at regular interval would fall under this exception. They could be presented in court and not be considered Hearsay. http://legal- dictionary.thefreedictionary.com/Exclusionary+Rule http://en.wikipedia.org/wiki/Exclusionary_rule http://en.wikipedia.org/wiki/Hearsay_in_United_States_law#Hearsay_exceptions

Answer 622

Correct Answer: C The Generally Accepted System Security Principles (GASSP) are security- oriented principles and do not specifically cover viruses or worms. However, it is not a best practice to create and distribute worms :-) GAISP is based on a solid consensus-building process that is central to the success of this approach. Principles at all levels are developed by information security practitioners who fully understand the underlying issues of the documented practices and their application in the real world. Then, these principles will be reviewed and vetted by skilled information security experts and authorities who will ensure that each principle is: ✑ Accurate, complete, and consistent ✑ Compliant with its stated objective ✑ Technically reasonable ✑ Well-presented, grammatically and editorially correct ✑ Conforms to applicable standards and guideline The principles are: 1. Computer security supports the mission of the organization 2. Computer security is an integral element of sound management 3. Computer security should be cost-effective 4. Systems owners have security responsibilities outside their own organization 5. Computer security responsibilities and accountability should be made explicit 6. Computer security requires a comprehensive and integrated approach 7. Computer security should be periodically reassessed 8. Computer security is constrained by societal factors NOTE: The GAISP are no longer supported or active. NIST is now producing standards for the US government. However, there are still remnant of GAISP on the exam and as you can see the list is most certainly applicable today on the ethics side. The GAISP is also known as NIST SP 800-14. References: http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf Investigation, and Ethics (page 302). http://all.net/books/standards/GAISP-v30.pdf

Answer 623

Correct Answer: C Secondary evidence is defined as a copy of evidence or oral description of its contents. It is considered not as reliable as best evidence. Evidence that proves or disproves a specific act through oral testimony based on information gathered through he witness's five senses is considered direct evidence. The fact that testimony is given by an expert only affects the witness's ability to offer an opinion instead of only testifying of the facts. Chapter 9: Law, Investigation, and Ethics (page 310).

Answer 624

Correct Answer: D Circumstantial evidence is defined as inference of information from other, intermediate, relevant facts. Secondary evidence is a copy of evidence or oral description of its contents. Conclusive evidence is incontrovertible and overrides all other evidence and hearsay evidence is evidence that is not based on personal, first-hand knowledge of the witness, but was obtained from another source. Computer-generated records normally fall under the category of hearsay evidence. Chapter 9: Law, Investigation, and Ethics (page 310)ㄅ

Answer 625

Correct Answer: B Hearsay evidence is not normally admissible in court unless it has firsthand evidence that can be used to prove the evidence's accuracy, trustworthiness, and reliability like a business person who generated the computer logs and collected them. It is important that this person generates and collects logs as a normal part of his business and not just this one time for court. It has to be a documented process that is carried out daily. The value of evidence depends upon the genuineness and competence of the source; therefore, since record collection is not an activity likely to be performed by senior or executive management, records collected by senior or executive management are not likely to be admissible in court. Hearsay evidence is usually not admissible in court unless it meets the Business Records Exemption rule to the Hearsay evidence. ✑ In certain instances computer records fall outside of the hearsay rule (e.g., business records exemption) ✑ Information relates to regular business activities ✑ Automatically computer generated data ✑ No human intervention ✑ Prove system was operating correctly ✑ Prove no one changed the data If you have a documented business process and you make use of intrusion detection tools, log analysis tools, and you produce daily reports of activities, then the computer generated data might be admissible in court and would not be considered Hearsay Evidence.

Answer 626

Correct Answer: C Entrapment occurs when a law enforcement agent or someone acting as an "agent" of law enforcement induces a person to commit a crime not contemplated by the person. A person who makes a knowingly false representation designed to induce the belief that the conduct is not prohibited, or employs methods of persuasion or inducement which create a substantial risk that such an offense will be committed by persons other than those who are ready to commit it. Basically, the Chatter Bot could possibly induce a person to engage in conduct that the person would not otherwise have engaged in if the chatterbot did not "feed" the information to the person. Entrapment does not prove that a person intended to commit a crime. It only proves that a person was successfully tricked into committing a crime. Incorrect Answers: A, D: Violation of Privacy and Freedom of Speech do not apply in the commission of the crime. B: Enticement is very easily confused with entrapment. Enticement is the act of coaxing or luring someone do something (but not necessarily a criminal act). Enticement is legal and ethical. A good example of Enticement would be the use of a HoneyPot. If a person is lured into a honey pot because there are open ports that may be probed, that is enticement. The person who proceeds by poking into those open ports is enticed and proceeds to commit a crime based on their own actions. However, if a person is lured with a false promise of an illegal bounty that awaits them if they follow a link to a honeypot, (for example, a link that promises free movie downloads), that is entrapment because the lure may be so overwhelming that even an innocent person may be tempted to proceed in the commission of the illegal act. References: Black's Law Dictionary

Answer 627

``` Correct Answer: C If a company decides to terminate the activity thatis introducing the risk, this is known as risk avoidance. For example, if a company allows employees to use instant messaging (IM), there are many risks surrounding this technology. The company could decide notto allow any IM activity by their users because there is not a strong enough business need for its continued use. Discontinuing this service is an example of risk avoidance. By being proactive and removing the vulnerability causing the risk, we are avoiding the risk. ```

Answer 628

Correct Answer: A Trusted recovery ensures that security is not breached when a system crash or other system failure (sometimes called a “discontinuity”) occurs. It must ensure that the system is restarted without compromising its required protection scheme, and that it can recover and rollback without being compromised after the failure. Trusted recovery is required only for B3 and A1 level systems. A system failure represents a serious security risk because the security controls may be bypassed when the system is not functioning normally. For example, if a system crashes while sensitive data is being written to a disk (where it would normally be protected by controls), the data may be leftunprotected in memory and may be accessible by unauthorized personnel. Trusted recovery has two primary activities — preparing for a system failure and recovering the system.

Answer 629

Correct Answer: A The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection B. Mandatory protection C. Discretionary protection D. Minimal security Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Level B is the lowest level that requires mandatoryprotection. Level A, being a higher level also requires mandatory protection.

Answer 630

Correct Answer: A A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. The level at which information is classified determines the handling procedures that should be used. The BellLaPadula model is a state machine model that enforces the confidentiality aspects of access control. Amatrix and security levels are used to determine if subjects can access different objects. The subject’s clearance is compared to the object’sclassification and then specific rules are applied to control how subjectto-object interactions can take place. This model uses subjects, objects, access operations (read, write, and read/write), and security levels. Subjects and objects can reside at different security levels and will have relationships and rules dictating theacceptable activities between them.

Answer 631

Correct Answer: B A Protocol Analyzer (also known as a packet sniffer) is a useful tool for testing or troubleshooting network communications. A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing packets sent from a computer system is known as packet sniffing. The ability to browse information passing on a network is a security risk which means access to a protocol analyzer should be carefully managed and therefore addressed by security policy.

Answer 632

Correct Answer: B A threat is any potential danger that is associatedwith the exploitation of a vulnerability. The threat is that someone, or something, will identify a specific vulnerability and use it against the company or individual. The entity that takes advantage of a vulnerability is referred to as a threat agent. A threatagent could be an intruder accessing the network through a port onthe firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information.

Answer 633

Correct Answer: A Typical security administrator functions may include the following: Setting user clearances, initial passwords, and other security characteristics for new users Changing security profiles for existing users Setting or changing file sensitivity labels Setting the security characteristics of devices andcommunications channels Reviewing audit data

Answer 634

Correct Answer: A The system development life cycle (SDLC) is the process of developing an information system. The SDLC includes the Initiation, Development and Acquisition, Implementation, Operation and Maintenance and Disposal phases. The initiation phase includes determining the system’s goals and feasibility. The systems feasibility includes its system requirements and how well they match with operational processes. The requirements of a contingency plan should be analyzed based on the system’srequirements and design.

Answer 635

Correct Answer: C In the Operation/maintenance phase the system is used and cared for. Proper authentication of the users and processes must be developed in this phase.

Answer 636

Correct Answer: D The mechanism that automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters is known as an auxiliary station alarm. Alarm systems may have auxiliary alarms that ring at the local fire or police stations. Most central station systems include this feature, which requirespermission form the local authorities before implementation.

Answer 637

Correct Answer: B Environmental errors include utility failure, service outage, natural disasters, or neighboring hazards. Any issue with the environment in which a systemis installed is known as an environmental error. Maintaining appropriate temperature and humidity isimportant in any facility, especially facilities with computer systems. Improper levels of either cancause damage to computers and electrical devices. High humidity can cause corrosion, and low humidity can cause excessive static electricity. This static electricity can short out devices, cause the loss of information, or provide amusing entertainment for unsuspecting employees. Lower temperatures can cause mechanisms to slow or stop, and higher temperatures can cause devices to use too much fan power and eventually shut down.

Answer 638

Correct Answer: D Lucifer was adopted and modified by the U.S. National Security Agency (NSA) to establish the U.S. DataEncryption Standard (DES) in 1976.

Answer 639

Correct Answer: B When information is encrypted using a public key, it can only be decrypted by using the associated private key. As the recipient is the only person with the private key, the recipient is the only person who can decrypt the message. This provides a form of authentication in that the recipient's identity can be positively verified by the sender. If the receiver replies to the message,the sender knows that the intended recipient received the message.

Answer 640

Correct Answer: D “Risks” is not one of the three areas that the Physical Security domain focuses on. The Physical Security domain addresses the threats,vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information. These resources include personnel, the facility in which they work, and the data, equipment, support systems, and media with whichthey work. Physical security often refers to the measures taken to protect systems, buildings, and their related supporting infrastructure against threats that are associated with the physical environment.

Answer 641

Correct Answer: A Julius Caesar (100–44 B.C.) developed a simple method of shifting letters of the alphabet. He simply shifted the alphabet by three positions. Today, this technique seems too simplistic to be effective, but in the time of Julius Caesar, not verymany people could read in the first place, so it provided a high level of protection. The Caesar cipher is an example of a monoalphabetic cipher. Once more people could read and reverse-engineer this type of encryption process, the cryptographers of that day increased the complexity by creating polyalphabetic ciphers. In the 16th century in France, Blaise de Vigenere developed a polyalphabetic substitution cipher for Henry III. This was based on the Caesar cipher, but it increased the difficulty of the encryption and decryption process.

Answer 642

Correct Answer: B When two computers (peers) use IPsec to communicate, they create two kinds of security associations. In the first, called main mode or phase one, the peers mutually authenticate themselves to each other, thus establishing trust between the computers. In the second, called quick mode or phase two, the peers will negotiate the particulars of the security association, including how they will digitally sign and encrypt traffic between them.

Answer 643

Correct Answer: A CHAP (Challenge Handshake Authentication Protocol) is not used within IKE and IPSec. Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in theIPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication - either pre-shared or distributed using DNS and a Diffie–Hellman key exchange - to set up a shared session secret from which cryptographic keys are derived. IKE phase one's purpose is to establish a secure authenticated communication channel by using the Diffie–Hellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA). The authentication can be performed using either pre-shared key (shared secret), signatures, or public key encryption.

Answer 644

Correct Answer: C In cryptography, PKCS #1 is the first of a family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It provides the basic definitions of and recommendations for implementing the RSA algorithm for public-key cryptography. It defines the mathematical properties of publicand private keys, primitive operations for encryption and signatures, secure cryptographic schemes, and related ASN.1 syntax representations.

Answer 645

Correct Answer: C The value of items to be protected can be determined by a critical-path analysis. The critical-path analysis lists all pieces of an environment and how they interact.

Answer 646

Correct Answer: C Public Key describes a system that uses certificates or the underlying public key cryptography on which the system is based. In the traditional public key model, clients are issued credentials or "certificates" by a CertificateAuthority (CA). The CA is a trusted third party. Public key certificates contain the user's name, the expiration date of the certificate etc. The most common certificate format is X.509. Public key credentials in the form of certificates and public-private key pairs can provide a strong distributed authentication system. The Kerberos and public key trust models are very similar. A Kerberos ticket is analogous to a public key certificate (a Kerberos ticket is supplied to provide access to resources). However, Kerberos tickets usually have lifetimes measured in days or hours rather than months or years.

Answer 647

Correct Answer: C The National Institute of Standards and Technology (NIST) issues the 140 Publication Series to coordinate the requirements and standards for cryptographic modules which include both hardware and software components for use by departments and agencies of theUnited States federal government. FIPS 140 does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure. The requirements cover not only the cryptographic modules themselves but also their documentation and (at the highest security level) some aspects of the comments contained in the source code.

Answer 648

Correct Answer: C Occasionally, a certificate authority needs to revoke a certificate. This might occur for one of the following reasons: The certificate was compromised. The certificate was erroneously issued. The details of the certificate changed. The security association changed. The revocation request grace period is the maximum response time within which a CA will perform any requested revocation. This is defined in the certificate practice statement (CPS). The CPS states the practices a CA employs when issuing or managing certificates.

Answer 649

Correct Answer: A A CA revocation mailing list is NOT a suitable method for distributing certificate revocation information. There are several mechanisms to represent revocation information; RFC 2459 defines one such method. This method involves each CA periodically issuing a signed data structure called a certificate revocation list (CRL). A CRL is a time stamped list identifying revoked certificates, which is signed by a CA and made freely available in a public repository. There are several types of CRLs: full CRLs (also known as base CRLs), delta CRLs, and CRL DistributionPoints (CDPs). Full CRLs contain the status of all certificates. Delta CRLs contain only the status ofall certificates that have changed status between the issuance the last Base CRL. CRL Distribution Point (CDP) is a certificate extension that indicates where the certificate revocation list for a CA can be retrieved. This extension can contain multiple HTTP, FTP, File or LDAP URLs for the retrieval of the CRL. Online Certificate Status Protocol (OCSP) is a protocol that allows real-time validation of a certificate's status by having the CryptoAPI make a call toan OCSP responder and the OCSP responder providing an immediate validation of the revocation status for the presented certificate. Typically, the OCSP responder uses CRLs for retrieving certificate status information.

Answer 650

Correct Answer: C An Authority Revocation List (ARL) is a list of serial numbers for public key certificates issued to certificate authorities that have been revoked, and therefore should not be relied upon.

Answer 651

Correct Answer: B ISAKMP defines actions and packet formats to establish, negotiate, modify and delete Security Associations. It is distinct from key exchange protocols with the intention of cleanly separating the details of security association management and key management fromthe details of key exchange.

Answer 652

Correct Answer: D The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties toexchange keying material across an insecure connection by making use of the Diffie–Hellman key exchange algorithm. It formed the basis for the more widely used Internet key exchange protocol.

Answer 653

Correct Answer: B Simple Key-management for Internet Protocols (SKIP)was a protocol developed by the IETF Security Working Group for the sharing of encryption keys. It is a hybrid Key distribution protocol.

Answer 654

Correct Answer: A A chosen-ciphertext attack is one in which a cryptanalyst may choose a piece of ciphertext and attemptto obtain the corresponding decrypted plaintext. This type of attack is generally most applicable to public-key cryptosystems.

Answer 655

Correct Answer: B Cipher locks, also known as programmable locks, arekeyless and use keypads to control access into an area or facility. The lock requires a specific combination to be entered into the keypad and possibly a swipe card. They cost more than traditional locks, but the ircombinations can be changed, specific combination sequence values can be locked out, and personnel who are in trouble or under duress can enter a specific code that will open the door and initiate a remote alarm at the same time. Thus, compared to traditional locks, cipher locks can provide a much higher level ofsecurity and control over who can access a facility.

Answer 656

Correct Answer: D In a dry pipe system, there is no water standing inthe pipe — it is being held back by a clapper valve. In the event of a fire, the valve opens, the airis blown out of the pipe, and the water flows.

Answer 657

Correct Answer: B The most prevalent cause of computer center fires is electrical distribution systems. Most computer circuits use only two to five volts of direct current, which usually cannot start a fire. If a fire does happen in a computer room, it willmost likely be an electrical fire caused by overheating of wire insulation or by overheating components that ignite surrounding plastics. Prolonged smoke usually occurs before combustion.

Answer 658

Correct Answer: B The internal walls of your processing facility mustbe a floor to ceiling slab with a one-hour minimumfire rating. Any adjacent walls where records suchas paper, media, etc. must have a two-hour minimum fire rating. There are different regulations that exist for external walls from state to state.

Answer 659

Correct Answer: D The AC units used in an information processing facility must be dedicated and controllable from withinthe area. They must be on an independent power source from the rest of the room and have a dedicated Emergency Power Off switch. It is positive, not negative pressure that forces smoke and other gases out ofthe room.

Answer 660

Correct Answer: A Crime Prevention Through Environmental Design (“CPTED”) is the design, maintenance, and use of the built environment in order to enhance quality of life and to reduce both the incidence and fear of crime. Territoriality means providing clear designation between public, private, and semi-private areas and makes it easier for people to understand, and participate in, an area’s intended use. Territoriality communicates a sense of active “ownership” of an area that can discourage the perception that illegal acts may be committed in the area without notice or consequences. The use ofsee-through screening, low fencing, gates, signage, different pavement textures, or other landscaping elements that visually show the transition between areas intended for different uses are examples of the principle of territoriality.

Answer 661

Correct Answer: D Doorways with automatic locks can be configured to be fail-safe or fail-secure. A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked. Fail-safe deals directly with protecting people. If people work in an area and there is a fire or the power is lost, it is not a good idea to lock them in. A fail-secure configuration means that the doors default to being locked if there are any problems with the power. If people do not need to use specific doors for escape during an emergency, then these doors can most likely default to fail-secure settings.

Answer 662

Correct Answer: D An uninterruptible power supply (UPS) helps to ensure the continued supply of clean, steady power; it does not threaten it. An uninterruptible power supply (UPS) is an electrical apparatus that provides emergency power to a load when the input power source, typically mains power, fails. A UPS differs from an auxiliary or emergency power system or standby generator in that it will providenear-instantaneous protection from input power interruptions, by supplying energy stored in batteries, supercapacitors, or flywheels. The on-battery runtime of most uninterruptible power sources is relatively short (only a few minutes) but sufficient to start a standby power source or properly shut down the protected equipment.

Answer 663

Correct Answer: D The occupant emergency plan (OEP) provides the “response procedures for occupants of a facility in theevent of a situation posing a potential threat to the health and safety of personnel, the environment, or property. Such events would include a fire, hurricane, criminal attack, or a medical emergency.”

Answer 664

Correct Answer: D Heat-activated detectors provide the earliest warning possible of a fire outbreak. They should be placed below the raised floors as this is where the cabling most likely to cause an electrical fire is. Heat-activated detectors can be configured to soundan alarm either when a predefined temperature (fixed temperature) is reached or when the temperature increases over a period of time (rate-of-rise). Rate-of-rise temperature sensors usually provide a quicker warning than fixed-temperature sensors becausethey are more sensitive, but they can also cause more false alarms. The sensors can either be spaced uniformly throughout a facility, or implemented in a line type of installation, which is operated by a heat-sensitivecable. It is not enough to have these fire and smoke detectors installed in a facility; they must be installed in the right places. Detectors should be installed both on and above suspended ceilings and raised floors, because companies run many types of wires in both places that could start an electrical fire. No one would know about the fire until it broke through the floor or dropped ceiling if detectors were not placed in these areas.

Answer 665

Correct Answer: B Section: Communication and Network Security Explanation: Serial Line Internet Protocol (SLIP) is an older technology developed to support TCP/IP communications over asynchronous serial connections, such as serial cables or modem dial - up.

Answer 666

Correct Answer: B Section: Communication and Network Security Explanation: Firewalls filter traffic based on a defined set of rules. The rules must be configured correctly for the firewall to provide the intended security.

Answer 667

Correct Answer: A Section: Communication and Network Security Explanation: Event logging is available in both TACACS and TACACS+

Answer 668

Explanation: | Wireless Transport Layer Security (WTLS) provides security connectivity services similar to those of SSL or TLS.

Answer 669

Correct Answer: B Section: Communication and Network Security Explanation: The data link layer is responsible for proper communication within the network components and for changing the data into the necessary format (electrical voltage) for the physical layer. It is concerned with local delivery of frames between devices on the same LAN.

Answer 670

Correct Answer: C Section: Communication and Network Security Explanation: RG-58 was once widely used in "thin" Ethernet (10BASE2), where it provides a maximum segment length of185 meters. Incorrect Answers: A: 10BaseT has a maximal distance of 100 meters. B: RG-8 has a maximal distance of 500 meters. D: 10Base5 has a maximal distance of 500 meters

Answer 671

Correct Answer: B Section: Communication and Network Security Explanation: HTTP Secure (HTTPS) is HTTP running over SSL. The client browser generates a session key and encrypts it with the server’s public key

Answer 672

Correct Answer: D Section: Communication and Network Security Explanation: PPTP is an encapsulation protocol based on PPP thatworks at OSI layer 2 (Data Link) and that enables a single point-to-point connection, usually betweena client and a server. While PPTP depends on IP to establishits connection. As currently implemented, PPTP encapsulates PPP packets using a modified version of the generic routing encapsulation (GRE) protocol, whichgives PPTP to the flexibility of handling protocols other than IP, such as IPX and NETBEUI over IP networks. PPTP does have some limitations: It does not provide strong encryption for protecting data, nor does it support any token-based methods for authenticating users. L2TP is derived from L2F and PPTP, not the opposite.

Answer 673

Correct Answer: C Section: Communication and Network Security Explanation: Statistical time-division multiplexing (STDM) transmits several types of data simultaneously across a single transmission cable or line. The communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams.

Answer 674

Correct Answer: B Section: Communication and Network Security Explanation: Network Intrusion Detection Systems (NIDS) are placed at a strategic point, such as between the internet-facing router and the firewall, within the network to monitor traffic to and from all devices on the network. Incorrect Answers: A: A host-based IDS is an IDS that is installed on a single computer and can monitor the activities onthat computer only. C: It is better to place the IDS between the DMZ and the internet. D: A host-based IDS is an IDS that is installed on a single computer and can monitor the activities onthat computer only.

Answer 675

Correct Answer: A Section: Communication and Network Security Explanation: Tunnel mode, not transport mode, is required for gateway services. Incorrect Answers: B: Transport mode is allowed between two end hosts only. C: As Transport mode only is allowed between two end hosts, the gateway must act as a host. D: ESP operates directly on top of IP. The encryption is only applied to the upper layer protocols contained in the packet.

Answer 676

Correct Answer: C Section: Communication and Network Security Explanation: Encrypted authentication is a firewall feature thatallows users on an external network to authenticate themselves to prove that they are authorized to access resources on the internal network. Encrypted authentication is convenient because it happens at the transport layer between a client software and a firewall, allowing all normal application software to run without hindrance.

Answer 677

Correct Answer: C Section: Communication and Network Security Explanation: Fiber-optic cable is expensive and difficult to work with.

Answer 678

Correct Answer: C Section: Communication and Network Security Explanation: Ports up to 1023 are called well-known ports and are reserved for server-side services. The sending system must choose a dynamic port higher than 1023 when it sets up a connection with another entity. The dynamic packet-filtering firewall then creates an Access Control List (ACL) that allows the external entity to communicate with the internal system. Incorrect Answers: A: A Packet filtering firewall makes access decisions based upon network-level protocol header values.It does not use port numbers. B: A Circuit level proxy works at the session layerand does not use ports. D: An Application level proxy works at the packet level, not at the port level. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 640

Answer 679

Correct Answer: A Section: Communication and Network Security Explanation: Knowledge-based detection is also called signature-based detection. In this case the IDS use a signature database and attempts to match all monitored events to its contents. Behavior-based detection is also called statisticalintrusion detection, anomaly detection, and heuristics-based detection. Incorrect Answers: B: Behavior-based IDS is not dynamical anomaly-based. Behavior-based IDS can be said to be statisticalanomaly-based. C: A knowledge-based IDS uses signatures, not anomalies.

Answer 680

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: In a carefully crafted buffer overflow attack, the stack is filled properly so the return pointer can be overwritten and control is given to the malicious instructions that have been loaded onto the stack instead of back to the requesting application. This allows the malicious instructions to be executed in the security context of the requesting application. In this example the buffer is filled with NOP's (No Operation) commands followed by the instruction that the attacker wants to be executed.

Answer 681

Correct Answer: D Section: Identity and Access Management Explanation: Identity management is the combination of business process and technology used to manage data on IT systems and applications about users. Managed data includes user objects, identity attributes, security entitlements and authentication factors. Enterprises manage identity data about two broad kinds of users: Insiders: including employees and contractors. Theyoften access multiple internal systems and their identity profiles are relatively complex. Outsiders: including customers, partners and vendors. There are normally many more outsiders than insiders. One of the challenges presented by Identity management is scalability. Enterprises manage user profile data for large numbers of people. There may be tens of thousands of insiders and hundreds of thousands of outsiders. Any identity management system used in this environment must scale to support the data volumes and peak transaction rates produced by large user populations. Incorrect Answers: A: Increasing the number of points of failures is not key management challenge regarding identity management solutions. There should be no single points of failure but this would be more of a concern for the IT department than management. B: Users not being able to “recycle” their password for different applications is not a concern for management. C: A working scalable identity management system is more important to management than the cost. The resource requirement for identity management technologies is not that much when compared to the cost of other systems.

Answer 682

Correct Answer: A Section: Identity and Access Management Explanation: A passphrase is a sequence of characters that is longer than a password. The user enters this phrase into an application, and the application transforms the value into a virtual password, making the passphrase the length and format that is required by the application. (For example, an application may require your virtual password to be 128 bits to be used as a key with the AES algorithm.) If a user wants to authenticate to an application, such as Pretty Good Privacy (PGP), he types in a passphrase, let’s say StickWithMeKidAndYouWillWearDiamonds. The application converts this phrase into a virtual password that is used for the actual authentication. A passphrase is more secure than a password becauseit is longer, and thus harder to obtain by an attacker. In many cases, the user is more likely to remember a passphrase than a password.

Answer 683

Correct Answer: A Section: Identity and Access Management Explanation: Extensible Authentication Protocol (EAP) is definedas: A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, and arbitrary dialog sequences. The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication. Incorrect Answers: B: The definition in the question does not describe Challenge Handshake Authentication Protocol. C: The definition in the question does not describe Remote Authentication Dial-In User Service. D: The definition in the question does not describe Multilevel Authentication Protocol.

Answer 684

Correct Answer: D Section: Identity and Access Management Explanation: Masquerading is the term used when one user pretends to be another user. Strong authentication is the best defense against this. Authentication is based on the following three factor types: Type 1. Something you know, such as a PIN or password Type 2. Something you have, such as an ATM card or smart card Type 3. Something you are (physically), such as a fingerprint or retina scan Biometrics verifies an individual’s identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification. A biometric authentication such as a fingerprint cannot be imitated which makes biometrics the best defense against masquerading attacks. Incorrect Answers: A: A user Id and password can be guessed by an attacker. This is not the best identification and authentication method to prevent local masquerading attacks. B: A smart card can be stolen and the PIN guessed by an attacker. This is not the best identification and authentication method to prevent local masquerading attacks. C: Two-factor authentication is more secure than other methods but still less secure than biometrics. Two-factor authentication could comprise of “something you have” and “something you know”. The “something you have” such as a smart card could be stolen by an attacker and the “something you know” such as a PIN could be guessed. This is not the best identification and authentication method to prevent local masquerading attacks.

Answer 685

Correct Answer: B Section: Identity and Access Management Explanation: Identification and authentication are the keystonesof most access control systems. Identification is the act of a user professing an identity to a system, usually in the form of a log-on ID to the system. Identification establishes user accountability for the actions on the system. Authentication is verification that the user’s claimed identity is valid and is usually implemented through a user password at log-on time. To ‘ensure’ accountability, the user must prove that they are who they say they are. This is the function of authentication. Therefore, authentication best ensures accountability of users for the actions taken within a system or domain.

Answer 686

Correct Answer: A Section: Identity and Access Management Explanation: Single Sign-On (SSO) addresses the cumbersome situation of logging on multiple times to access different resources. In SSO, a user provides one ID and password per work session and is automatically logged-on to all the required applications. SSO can be implemented by using scripts that replay the users’multiple log-ins, or by using authentication servers to verify a user’s identity and encrypted authentication tickets to permit access to system services. Incorrect Answers: B: Dynamic Sign-On is not the correct term to describe an authentication system that can be implemented through scripts or smart agents that replay the users multiple log-ins against authentication servers to verify a user's identity which permit access to system services. C: Smart cards provide static or dynamic passwords or certificates to authenticate a user. The authentication happens every time the smart card is presented and the login. This is not what is described in the question. D: Kerberos can be used to implement Single-Sign on. However, “single sign-on” is the term described in the question.

Answer 687

Correct Answer: B Section: Identity and Access Management Explanation: A biometric system executes a one-to-many comparison against a biometric database in attempt to establish the identity of an unknown user in identification mode. If the comparison of the biometric sample to a template in the database falls within a threshold previously set, identifying the individual will succeed.

Answer 688

Correct Answer: C Section: Identity and Access Management Explanation: Biometrics is used for identification in physical controls and for authentication in logical controls.Physical controls are items put into place to protect facility, personnel, and resources. As a physical control, biometrics provides protection by identifying a person to see if that person is authorized to access a facility. When a user is identified and granted physical access toa facility, biometrics can be used for authentication in logical controls to provide access to resources. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting.

Answer 689

Correct Answer: A Section: Identity and Access Management Explanation: A passphrase is a sequence of characters that is longer than a password and, in some cases, takes the place of a password during an authentication process. Passphrases are long static passwords, which is made up of words in a phrase or sentence.

Answer 690

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: A Synchronous token generates a one-time password that is only valid for a short period of time. Once the password is used it is no longer valid, and it expires if not entered in the acceptable time frame. Incorrect Answers: A: Although variable callback systems are more flexible than fixed callback systems, the system assumes the identity of the individual unless two-factor authentication is also implemented. C: Callback systems authenticate a person, but anyone can pretend to be that person. They are tied to a specific place and phone number, which can be spoofed by implementing call-forwarding. D: The caller ID and callback functionality provides greater confidence and auditability of the caller's identity. However, unless combined with strong authentication, any individual at the location could obtain access.

Answer 691

Correct Answer: B Explanation: The cost of the biometric identification system is a financial consideration, not a security consideration. The data acquisition process refers to how a user’sbiometric data will be acquired. Will you use a fingerprint scan, a retina scan, a palm scan etc. This is an obvious security characteristic to be considered while choosing a biometric identification system. The enrollment process refers to how the user’s biometric data will be initially acquired and the datastored as a template for comparison for future identifications. This is also a security characteristic to be considered while choosing a biometric identification system. The speed and user interface are security characteristics to be considered while choosing a biometric identification system. You need a biometric identification system that does not keep the user waiting before being identified and authenticated. The user interface for a biometric identification system should include instructional and feedback aspects that would enable users to use the system effectively without assistance.

Answer 692

Correct Answer: A Explanation: In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity — information such as the name of a personor an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. Incorrect Answers: B: In computer security, an authorization certificate (also known as an attribute certificate) is a digital document that describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use. C: A root certificate is an unsigned or a self-signed public key certificate that identifies the Root Certificate Authority (CA). D: Code signing digitally signs executables and scripts to verify the software author and guarantee that the code has not been changed or tainted since it was signed by use of a cryptographic hash.

Answer 693

Correct Answer: A Section: Identity and Access Management Explanation: A one-time or dynamic password is no longer valid and, if obtained by a hacker, cannot be reused afterit has been used. A one-time or dynamic password is used in environments where a higher level of security than static passwords is required.

Answer 694

Correct Answer: C Section: Identity and Access Management Explanation: Kerberos is a third-party authentication service that can be used to support SSO. Incorrect Answers: A: Non-repudiation provides assurance that a specific user performed a specific transaction that did not change. It is not, however, the primary service provided by Kerberos. B: Confidentiality strives to prevent unauthorized read access to data. It is not, however, the primary service provided by Kerberos. D: Authorization refers to the actions you are allowed to carry out on a system after identification and authentication has taken place. It is not, however, the primary service provided by Kerberos.

Answer 695

Correct Answer: A Section: Identity and Access Management Explanation: In Kerberos implementations where the use of an authenticator is configured, the user sends their identification information and a timestamp and sequencenumber encrypted with the shared session key to the requested service, which then decrypts this information and compares it with the identification data the KDCsent to it about this requesting user. If the data matches, the user is allowed access to the requested service. 服務器還會檢查身份驗證器，如果該時間戳有效，它將向客戶端提供請求的服務。即使用戶主體存在於票證中，並且只有應用程序服務器才能提取並可能管理此類信息（由於票證已使用服務的秘密密鑰加密），但這不足以保證客戶端的真實性。當合法客戶將票證發送到應用程序服務器時，冒名頂替者可以捕獲（記住一個開放且不安全的網絡的假設）票證，並在適當時機將其發送給非法獲取服務。另一方面，將機器的IP地址包括在可以使用的地方不是很有用：眾所周知，在開放和不安全的網絡中，地址很容易被偽造。為了解決該問題，必須利用這樣一個事實，即客戶機和服務器，至少在會話期間，具有一個只有他們自己才知道的會話密鑰（KDC自生成它以來也知道它，但是從定義上來說，它是受信任的！）。 !!）。因此，將應用以下策略：客戶端與包含票證的請求一起添加另一個包（身份驗證器），其中包含用戶主體和時間戳（當時是它），並使用會話密鑰對其進行加密；必須提供服務的服務器在收到此請求後，將第一張票解包，提取會話密鑰，並且如果用戶確實是他/她說的那個人，則服務器可以對身份驗證器進行解密，以提取時間戳。如果後者與服務器時間相差不到2分鐘（但是可以配置容差），則認證成功。這強調了屬於同一領域的機器之間同步的重要性。

Answer 696

Correct Answer: A Section: Identity and Access Management Explanation: Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT. In Greek mythology, Kerberos is a three-headeddog that guards the entrance to the Underworld. Using symmetric key cryptography, Kerberos authenticates clients to other entities on a network of which a client requires services. Kerberos addresses the confidentiality and integrity of information. It does not directly address availability and attacks such as frequency analysis.

Answer 697

Correct Answer: C Explanation: TACACS has been through three generations: TACACS, Extended TACACS (XTACACS), and TACACS+. TACACS combines its authentication and authorization processes; XTACACS separates authentication, authorization, and auditing processes; and TACACS+ is XTACACS with extended two-factor user authentication. TACACS uses fixed passwords for authentication, while TACACS+ allows users to employ dynamic (one-time) passwords, which provides more protection. The original TACACS was developed during the days of ARPANET which is the basis for the Internet. TACACS uses UDP as its communication protocol. TACACS + uses TCP as its communication protocol. TACACS已經經歷了三代：TACACS，擴展TACACS（XTACACS）和TACACS +。 TACACS結合了其認證和授權過程； XTACACS將身份驗證，授權和審核過程分開； TACACS +是具有擴展的兩因素用戶身份驗證的XTACACS。 TACACS使用固定密碼進行身份驗證，而TACACS +則允許用戶使用動態（一次性）密碼，從而提供了更多的保護。最初的TACACS是在ARPANET時代（互聯網的基礎）開發的。 TACACS使用UDP作為其通信協議。 TACACS +使用TCP作為其通信協議。

Answer 698

Correct Answer: B Explanation: Identification and authentication are the keystonesof most access control systems. Identification is the act of a user professing an identity to a system, usually in the form of a log-on ID to the system. Identification establishes user accountability for the actions on the system. Authentication is verification that the user’s claimed identity is valid and is usually implemented through a user password at log-on time. Audit trails list the actions performed by the useraccount used to perform the actions. However, if all the users are using the same user account, you have no way of knowing which person performed which action. Therefore, you have no “accountability”.

Answer 699

Correct Answer: C Section: Security Assessment and Testing Explanation: Two points are important to consider when it comes to ethical hacking: integrity and independence. By not using an ethical hacking firm that hires or subcontracts to ex-hackers of others who have criminal records, an entire subset of risks can be avoided by an organization. Also, it is not cost-effective for a single firm to fund the effort of the ongoing research and development, systems development, and maintenance that is needed to operate state-of-the-art proprietary and open source testing tools and techniques. External penetration firms are more effective than internal penetration testers because they are not influenced by any previous system security decisions, knowledge of the current system environment, or future system security plans. Moreover, an employee performing penetration testing might be reluctant to fully report security gaps. A.它們更具成本效益 B.他們缺乏公司偏見 C.他們使用才華橫溢的前黑客 D.他們確保報告更加完整說明：在進行道德黑客攻擊時，有兩點需要考慮：完整性和獨立性。通過不使用僱用或分包給擁有犯罪記錄的其他人的前黑客的道德黑客公司，組織可以避免全部風險。此外，一家公司為進行最新的專有和開放源代碼測試工具和技術而需要進行的持續研發，系統開發和維護工作的成本效益也不合算。外部滲透公司比內部滲透測試人員更有效，因為它們不受任何先前的系統安全決策，當前系統環境的知識或將來的系統安全計劃的影響。此外，執行滲透測試的員工可能不願意完全報告安全漏洞。

Answer 700

``` Correct Answer: B Section: Security Assessment and Testing Explanation: Pivoting is a method that makes use of the compromised system to attack other systems on the same network to avoid restrictions that might prohibit direct access to all machines. ```

Answer 701

Correct Answer: B Section: Security Assessment and Testing Explanation: You should always separate test and development environments. When testing a system, you need to isolate the system to ensure the test system is controlled and stable. This will ensure the system is tested in a realistic environment that mirrors the live environment as closely as possible. Access control methods can be used to easily separate the test and development environments.

Answer 702

Correct Answer: B Section: Security Assessment and Testing Explanation: Verification is the process of determining whether the product accurately represents and meets the design specifications given to the developers. Incorrect Answers: A: Validation is the process of determining whether the product provides the necessary solution for the real-world problem that is was created to solve.

Answer 703

Correct Answer: C Section: Security Assessment and Testing Explanation: Formal approval of BCP scope is not part of the vulnerability assessment. A vulnerability assessment identifies a wide range of vulnerabilities in the environment. Vulnerability assessments just find the vulnerabilities (the holes). A vulnerability assessment is theprocess of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.

Answer 704

Correct Answer: D Section: Security Operations Explanation: Operations Security refers to the act of understanding the threats to and vulnerabilities of computer operations in order to routinely support operational activities that enable computer systems to function correctly.It also refers to the implementation of security controls for normal transaction processing, system administration tasks, and critical external support operations. These controls can include resolving software or hardware problems along with the proper maintenance of auditing and monitoring processes. Like the other domains, the Operations Security domain is concerned with triples — threats, vulnerabilities, and assets. A threat in the Operations Security domain can be defined as an event that could cause harm by violating the security. An example of an operations threat would be an operator’s abuse of privileges, there by violating confidentiality. A vulnerability is defined as a weakness in a system that enables security to be violated. An example of an operations vulnerability would be a weak implementation of the separation of duties. An asset is considered anything that is a computingre source or ability, such as hardware, software, data, and personnel. 操作安全性是指了解計算機操作的威脅和漏洞以例行支持使計算機系統正常運行的操作活動的行為，也指對正常事務處理，系統管理任務和安全性的安全控制的實施。重要的外部支持操作。這些控制措施可以包括解決軟件或硬件問題，以及適當維護審核和監視過程。與其他域一樣，Operations Security域也涉及三元組-威脅，漏洞和資產。可以將“操作安全性”域中的威脅定義為可能因違反安全性而造成損害的事件。操作威脅的一個例子是操作員濫用特權，從而侵犯了機密性。漏洞定義為系統中的弱點，使安全性遭到破壞。業務漏洞的一個例子是分工職責執行不力。資產被視為任何具有計算資源或能力的東西，例如硬件，軟件，數據和人員

Answer 705

Correct Answer: A Section: Security Operations Explanation: Nonrepudiation is the assurance that someone cannotdeny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of theirsignature on a document or the sending of a message that they originated. For example, if a user sends a message and then later claims he did not send it, this is an act of repudiation. When a cryptography mechanism provides non-repudiation, the sender cannot later deny he sent the message (well, he can try to deny it, but the cryptosystem proves otherwise). It’s a way of keeping the sender honest. Non-repudiation is a preventive control – it prevents someone having the ability to deny something.

Answer 706

Correct Answer: B Section: Security Operations Explanation: Output controls are used for two things — for protecting the confidentiality of an output, and for verifying the integrity of an output by comparing the input transaction with the output data. Elements of proper output controls would involve ensuring the output reaches theproper users, restricting access to the printed output storage areas, printing heading and trailing banners, requiring signed receipts before releasing sensitive output, and printing “no output” banners when a reportis empty.

Answer 707

Correct Answer: B Section: Security Operations Explanation: RAID Level 1 is commonly called mirroring. It mirrors the data from one disk or set of disks by duplicating the data onto another disk or set of disks. This is often implemented by a one-for-one disk to disk ratio: Each drive is mirrored to an equal drive partner that is continually being updated with current data. If one drive fails, the system automatically gets the data from the other drive. The main issue with this level of RAID isthat the one-for-one ratio is very expensive — resulting in the highest cost per megabyte of data capacity. This level effectively doubles the amount of hard drives you need, therefore it is usually best for smaller capacity systems.

Answer 708

Correct Answer: A Section: Security Operations Explanation: RAID Levels 3 and 4 function in a similar way. The only difference is that level 3 is implemented at the byte level and level 4 is usually implemented atthe block level. In this scenario, data is striped across several drives and the parity check bit is written to a dedicated parity drive. This is similar to RAID 0. They both have a large data volume, but the addition of a dedicated parity drive provides redundancy. If a hard disk fails, the data can be reconstructed by using the bitinformation on the parity drive. The main issue with this level ofRAID is that the constant writes to the parity drive can create a performance hit. In this implementation, spare drives can be used to replace crashed drives.

Answer 709

Correct Answer: A Section: Security Operations Explanation: RAID can be implemented in either hardware or software. Each type has its own issues and benefits. A hardware RAID implementation is usually platformindependent. It runs below the operating system (OS) of the server and usually does not care if the OSis Novell, NT, or Unix. The hardware implementation uses its own Central Processing Unit (CPU) for calculations on an intelligent controller card. There can bemore than one of these cards installed to provide hardware redundancy in the server. RAID levels 3 and 5 run faster on hardware. A software implementation of RAID means it runs as part of the operating system on the file server.

Answer 710

Correct Answer: A Section: Security Operations Explanation: RAID can be implemented in either hardware or software. Each type has its own issues and benefits. A software implementation of RAID means it runs as part of the operating system on the file server. Often RAID levels 0, 1, and 10 run faster on softwareRAID because of the need for the server’s software resources. Simple striping or mirroring can run faster in the operating system because neither use the hardware-level parity drives.

Answer 711

Correct Answer: A Explanation: The Differential Backup Method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup. Archive bits let the backup software know what needs to be backed up. The differential and incremental backup types rely on the archive bit to direct them. 問題560 哪種備份方法是可添加的，因為每晚備份所需的時間和磁帶空間會在一周內不斷增加，因為它會復制當天已更改的文件和前幾天已更改的文件直到最後一次完整備份？

Answer 712

Correct Answer: D Section: Security Operations Explanation: Digital Audio Tape (DAT) can be used to backup datasystems in addition to its original intended audiouses.

Answer 713

Correct Answer: A Section: Security Operations Explanation: Hierarchical Storage Management (HSM) provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs. It appears as an infinite disk to the system, and can be configured to provide the closest version of an available real-time backup. This is commonly employed in very large data retrieval systems.

Answer 714

Correct Answer: A Section: Security Operations Explanation: Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the Operations Security Domain. Operations Security can be described as the controls over the hardware in a computing facility, the data media used in a facility, and the operators using these resources in a facility. Operations Security refers to the act of understanding the threats to and vulnerabilities of computer operations in order to routinely support operational activities that enable computer systems to function correctly.It also refers to the implementation of security controls for normal transaction processing, system administration tasks, and critical external support operations. These controls can include resolving software or hardware problems along with the proper maintenance of auditing and monitoring processes.

Answer 715

Correct Answer: B Section: Security Operations Explanation: When an incident strikes, more is required than simply knowing how to restore data from backups. Also necessary are the detailed procedures that outline the activities to keep the critical systems available and ensure that operations and processing are not interrupted. Contingency management defines what should take place during and after an incident. Actions that are required to take place for emergency response, continuity of operations, and dealing with major outages must be documented and readily available to the operations staff. Development of test procedures is not part of contingency planning. This has nothing to do with recovering from an incident. 發生突發事件時，不僅需要簡單地了解如何從備份中還原數據，還需要做更多的工作。還必須有詳細的過程來概述活動，以使關鍵系統保持可用狀態並確保操作和處理不會中斷。應急管理定義了應採取的措施在事件發生期間和之後發生的地方。必須記錄為緊急響應，操作的連續性和處理重大停機而需要採取的措施，並應隨時提供給操作人員。測試程序的開發不是應急計劃的一部分。這與從事件中恢復無關。

Answer 716

Correct Answer: D Section: Security Operations Explanation: With RAID level 5 data are written in disk sector units to all drives. Parity is written to all drivesalso, which ensures there is no single point of failure. Incorrect Answers: A: RAID Level 1 does not use a parity bit. It uses mirroring of drives. B: RAID Level 2 does not use block level parity. Ituses hamming code parity. C: RAID level 4 uses byte-level parity.

Answer 717

Correct Answer: A Section: Security Operations Explanation: HSM (Hierarchical Storage Management) provides continuous online backup functionality. It combines hard disk technology with the cheaper and slower optical or tape jukeboxes. HSM is typically used in very largedata retrieval systems

Answer 718

Correct Answer: A Section: Security Operations Explanation: A hot site is a facility that is leased or rented and is fully configured and ready to operate within a few hours. The only missing resources from a hot site are usually the data, which will be retrieved from a backup site, and the people who will be processing the data. The hot site would include computers, cables and peripherals. A climate control system might be required as well as most electronic equipment must operate in a climate-controlled atmosphere.

Answer 719

Correct Answer: C Section: Security Operations Explanation: A warm site is a leased or rented facility that is usually partially configured with some equipment, such as HVAC, and foundational infrastructure components, but not the actual computers. In other words, a warm site is usually a hot site without the expensive equipment such as communication equipment and servers.

Answer 720

Correct Answer: A Section: Security Operations Explanation: When a file is modified or created, the file systemsets the archive bit to 1. A differential backup process backs up the files that have been modified since the last full backup, but does not change the archive bit value.

Answer 721

Correct Answer: C Section: Security Operations Explanation: Data points obtained as part of the BIA informationgathering process will be used later during analysis. It is important that the team members ask abouthow different tasks—whether processes, transactions, orservices, along with any relevant dependencies—getaccomplished within the organization. 業務影響分析（BIA）識別關鍵業務流程中時間緊迫的方面，並確定其最大可忍受的停機時間。BIA有助於確定組織職能，每個組織單位處理故障的能力以及要恢復的功能和應用程序的優先級和順序，確定恢復這些領域和相互依賴關係所需的資源在執行業務影響分析（BIA）時，考慮依賴關係是非常重要的。如果要依靠另一個系統來運行，則無法啟動該系統。您不僅需要查看內部依賴關係，還需要查看外部依賴關係。您可能無法獲取業務所需的原材料，因此依賴關係是BIA的非常重要的方面。 BIA委員會不會真正理解所有業務流程，必須執行的步驟或這些流程所需的資源和供應。因此，委員會必須從知道的人（部門經理和整個組織中的特定員工）那裡收集此信息。該委員會首先確定將參加BIA數據收集會議的人員。委員會需要通過調查，訪談或研討會等方式，確定如何從選定的員工那裡收集數據。接下來，團隊需要通過實際進行調查，訪談和研討會來收集信息。作為信息收集的一部分而獲得的數據點將在以後的分析中使用。團隊成員必須詢問不同的任務（流程，交易或服務）如何不同，這一點很重要，

Answer 722

Correct Answer: C Section: Security Operations Explanation: One of the ways to provide uninterrupted access to information assets is through redundancy and fault tolerance. Redundancy refers to providing multiple instances of either a physical or logical component such thata second component is available if the first fails. Fault tolerance is a broader concept that includes redundancy but refers to any process that allows a system to continue making information assets available in the case of a failure. Fault tolerance countermeasures are designed to combat threats to design reliability. Although fault tolerance can include redundancy, it also refers to systems such as RAID where if a disk fails, the data can bemade available from the remaining disks.

Answer 723

Correct Answer: B Section: Security Operations Explanation: The Orange Book provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection B. Mandatory protection C. Discretionary protection D. Minimal security Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Each division can have one or more numbered classes with a corresponding set of requirements that must be met for a system to achieve that particular rating. The classes with higher numbers offer a greaterdegree of trust and assurance. So B2 would offer more assurance than B1, and C2 would offer more assurance than C1. Each division and class incorporates the requirements of the ones below it. This means that C2 must meet its criteria requirements and all of C1’s requirements, and B3 has its requirements to fulfill along with those of C1, C2, B1, and B2. C2: Controlled Access ProtectionUsers need to be identified individually to provide more precise access control and auditing functionality. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual’s identification. Security-relevant events are audited, and these records must be protected from unauthorized modification.

Answer 724

``` Correct Answer: C Section: Security Operations Explanation: Orange Book Pages 15 states: 2.1.3.1.2 System Integrity: Hardware and/or software features shall be providedthat can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB. ```

Answer 725

Correct Answer: A Section: Security Operations Explanation: On-site mirroring is a transaction redundancy solution.

Answer 726

Correct Answer: A Section: Security Operations Explanation: A Recovery Point Objective (RPO) is the maximum period of time in which data might be lost if a disaster strikes. It is the most recent point in time to which data must be synchronized to avoid major negative impacton the organization.

Answer 727

Correct Answer: A Section: Security Operations Explanation: Database Shadowing is one type of transaction redundancy solution whereby a full copy of the user's database is maintained at an alternate information processing facility.

Answer 728

Correct Answer: A Section: Security Operations Explanation: Cheyenne Software (now owned by Computer Associates) was the first to offer RAID 5 for tape devices. Because by nature tape devices employ a sequential access method, RAID 5 is an ideal solution for a tape array.

Answer 729

Correct Answer: A Section: Security Operations Explanation: Availability is one of the main themes behind business continuity planning, in that it ensures that the resources required to keep the business going will continue to be available to the people and systems that rely upon them. Note: The CIA Triad, primary goals and objectives of security, is the three essential security principles of confidentiality, integrity, and availability . Vulnerabilities and risks are also evaluated based on the threat they pose against one or more of the CIA Triad principles.

Answer 730

Correct Answer: A Section: Security Operations Explanation: All the employees should be monitored, not only a few.

Answer 731

``` Correct Answer: C Section: Security Operations Explanation: The damage assessment team should be responsible determining the disaster's cause and the amount of damage that has occurred to organizational assets. The assessment of the damage should include the status of the equipment at the site such as servers and network devices. 在搶救局域網和服務器期間，通常將首先執行以下哪個步驟？ A.減輕損害 B.安裝局域網通訊網絡和服務器 C.評估對局域網和服務器的損壞 D.回收設備正確答案：C 損害評估小組應負責確定災難的原因以及對組織資產造成的損害程度。對損壞的評估應包括站點上設備（例如服務器和網絡設備）的狀態。 ```

Answer 732

Correct Answer: B Section: Security Operations Explanation: A centralized incident reporting would increase, not decrease, the likelihood that an employee would report an incident.

Answer 733

Correct Answer: B Section: Security Operations Explanation: In some circumstances, a law enforcement agent may seize evidence that is not included in the warrant,such as if the suspect tries to destroy the evidence. In other words, if there is an impending possibility that evidence might be destroyed, law enforcement may quickly seize the evidence to prevent its destruction. This is referred to as exigent circumstances.

Answer 734

``` Correct Answer: A Section: Security Operations Explanation: Direct evidence can prove a fact all by itself and does not need backup information to refer to. Direct evidence often is based on information gathered from a witness’s five senses. ```

Answer 735

Correct Answer: B Section: Security Operations Explanation: Corroborative evidence is supporting evidence used to help prove an idea or point. It cannot stand itsown. Incorrect Answers: A: Circumstantial evidence can prove an intermediate fact, but not a direct fact by itself. The intermediate fact can then be used to deduce or assume the existence of another fact. This type of fact is used so the judge or jury will logically assume the existence ofa primary fact. 說明：確證是輔助證明觀點或觀點的證據。它不能自己作為代表。錯誤答案：答：間接證據可以證明是中間事實，但不能直接證明直接事實。然後可以使用中間事實來推斷或假設另一個事實的存在。使用這種類型的事實，因此法官或陪審團將在邏輯上假定存在主要事實。

Answer 736

Correct Answer: A Section: Software Development Security Explanation: In a multilevel security (MLS) database system, a trusted front-end is configured. Users connect to the trusted front-end and the trusted front-end connects to the database system. The trusted front end is responsible for directing queries to the correct database processor, for ensuring that there is no illegal flow of information between the database processors, for maintaining data consistency between replicated database fragments, and for properly labeling query responses and sending them back to the appropriate user. In addition, the trusted front end is responsible for user identification andauthentication, maintenance of the trusted path tothe user, and auditing. 在多級安全性（MLS）數據庫系統中，配置了受信任的前端。用戶連接到受信任的前端，而受信任的前端連接到數據庫系統。受信任的前端負責將查詢定向到正確的數據庫處理器，以確保數據庫處理器之間沒有非法的信息流，維護複製的數據庫片段之間的數據一致性，並正確標記查詢響應並將其發送回適當的用戶。此外，可信前端還負責用戶標識和身份驗證，維護到用戶的可信路徑以及進行審核。

Answer 737

Correct Answer: D Section: Software Development Security Explanation: High-level languages enforce coding standards as a specific order to statements is required as well asa syntax that must be used.

Answer 738

Correct Answer: A The human error in this answer is poor programming by the software developer. A buffer overflow takes place when too much data are accepted as input to a specific process. A bufferis an allocated segment of memory. A buffer can be overflowed arbitrarily with too much data, but for it to be of any use to an attacker, the code inserted into the buffer must be of a specific length, followed up by commands the attacker wants executed. When a programmer writes a piece of software that will accept data, this data and its associated instructions will be stored in the buffers that make up a stack. The buffers need to be the right size to accept the inputted data. So if the input is supposed to be one character, the buffer should be one byte in size. If a programmer does not ensure that only one byte of data is beingin serted into the software, then someone can input several characters at once and thus overflow that specific buffer

Answer 739

Correct Answer: D Certification and accreditation (C&A) processes are per formed before a system can be formally installed in the production environment. Certification is the technical testing and evaluation of a system while accreditation is the formal authorization given by management to allow a system to operate in a specific environment. The accreditation decision is based upon the results of the certification process. This occurs during the acceptance phase.

Answer 740

Correct Answer: B A distributed computing environment is dependent ona network to ensure interoperability. This increases the footprint of the system and increases the potential for attack.

Answer 741

Correct Answer: B The security analyst contributes to the developmentof policies, standards, guidelines, and baselines.They help define the security controls and ensure the security controls are being implemented and maintained. Thisrole is fulfilled through consultation and evaluation.

Answer 742

Correct Answer: A A Pseudo flaw is appearing as a vulnerability in anoperating system program but is in actual fact a trap for intruders who may attempt to exploit the vulnerability.

Answer 743

Correct Answer: B Validation is the process of determining whether the product provides the necessary solution for the real-world problem that is was created to solve.

Answer 744

Correct Answer: B Debugging provides the basis for the programmer to correct the logic errors in a program under development before it goes into production. Logical errorsand coding mistakes are referred to as bugs in the code.

Answer 745

Correct Answer: B Debugging provides the basis for the programmer to correct the logic errors in a program under development before it goes into production. Logical errors and coding mistakes are referred to as bugs in the code.

Answer 746

Correct Answer: D Application control limits what users can see or dowithin the application. For example, if a user does not have the necessary access privilege to perform some functions, the functions can be hidden from the screen or the screen itself can be hidden so the user cannot select it within the application. In a similar way, only the records a user has access to can be displayed.

Answer 747

Correct Answer: D An object-oriented database has classes to define the attributes and procedures of its objects, which can be a variety of data types such as images, audio, documents, and video. This complex data is requiredfor computer-aided design and imaging.

Answer 748

Correct Answer: D A relational database model uses attributes (columns) and tuples (rows) to contain and organize information. The relational database model is the most widely used model today. It presents information in the form of tables. A relational database is composed of two-dimensional tables, and each table contains unique rows, columns, and cells (the intersection of a row and acolumn). Each cell contains only one data value that represents a specific attribute value within a given tuple. These data entities are linked by relationships. The relationships between the data entities provide the framework for organizing data. A primary key is a field that links all the data within a record to a unique value. Data manipulation language (DML) contains all the commands that enable a user to view, manipulate, anduse the database (view, add, modify, sort, and delete commands). A constraint is usually associated with a table andis created with a CREATE CONSTRAINT or CREATE ASSERTION SQL statement. They define certain properties that data in a database must comply with. They can apply to a column, a whole table, more than one table or an entire schema. Security structures called referential validation within tables are not an element of a relational database model. Referential integrity is used to ensure all foreign keys reference primary keys. Referential validationis not a security structure within a table.

Answer 749

Correct Answer: A A database can be defined as a persistent collection of interrelated data items. Persistency is obtained through the preservation ofintegrity and through the use of nonvolatile storage media. The description of a database is a schemaand a Data Description Language (DDL) defines the schema.

Answer 750

Correct Answer: B The relational database model is based on a series of interrelated two-dimensional tables that have columns representing the variables and rows that contain specific instances of data

Answer 751

Correct Answer: A The domain of a relation is the set of allowable values that an attribute can take. In other words, it is the values that can be entered in a column (attribute) of a table (relation).

Answer 752

Correct Answer: A A query plan (or query execution plan) is an ordered set of steps used to access data in a SQL relational database management system. This is a specific case of the relational model concept of access plans. Since SQL is declarative, there are typically a large number of alternative ways to execute a given query, with widely varying performance. When a query is submitted to the database, the query optimizer evaluates some of the different, correct possible plans for executing the query and returns what it considers the best option.

Answer 753

Correct Answer: A Bind parameters—also called dynamic parameters or bind variables—are an alternative way to pass data to the database. Instead of putting the values directly into the SQL statement, you just use a placeholder like ?, :name or @name and provide the actual values using a separate API call. When using bind parameters you do not write the actual values but instead insert placeholders into theSQL statement. That way the statements do not change when executing them with different values.

Answer 754

Correct Answer: A The first normal form (1NF) requires that we create separate tables for each group of related data and identify each row with a unique column identified as the primary key. The second normal form (2NF) requires that we move data that is only partially dependent on the primary key to another table. The third normal form (3NF) requires that we remove data that do not depend only on the primary key. The process of conforming with the normal form us called normalization.

Answer 755

Correct Answer: D Normalizing data within a database does not eliminate duplicate key fields by putting them into separate tables. An entity is in First Normal Form (1NF) when all tables are two-dimensional with no repeating groups. A row is in first normal form (1NF) if all underlying domains contain atomic values only. 1NF eliminates repeating groups by putting each into a separatetable and connecting them with a one-to-many relationship. Make a separate table for each set of related attributes and uniquely identify each record with a primary key. Eliminate duplicative columns from the same table. Create separate tables for each group of related data and identify each row with a unique column or set of columns (the primary key). An entity is in Second Normal Form (2NF) when it meets the requirement of being in First Normal Form (1NF) and additionally: Does not have a composite primary key. Meaning thatthe primary key cannot be subdivided into separatelogical entities. All the non-key columns are functionally dependent on the entire primary key. A row is in second normal form if, and only if, it is in first normal form and every non-key attributeis fully dependent on the key. 2NF eliminates functional dependencies on a partialkey by putting the fields in a separate table fromthose that are dependent on the whole key. An example is resolving many:many relationships using an intersecting entity An entity is in Third Normal Form (3NF) when it meets the requirement of being in Second Normal Form (2NF) and additionally: Functional dependencies on non-key fields are eliminated by putting them in a separate table. At this level, all non-key fields are dependent on the primary key. A row is in third normal form if and only if it is in second normal form and if attributes that do notcontribute to a description of the primary key aremove into a separate table. An example is creating look-up tables.

Answer 756

Correct Answer: A An object-oriented database (OODB) has classes to define the attributes and procedures of its objects,which can be a variety of data types such as images, audio, documents, and video. This complex data is required for computer-aided design and imaging.

Answer 757

Correct Answer: B | Interpreters translate one command at a time duringrun-time or execution time.

Answer 758

Correct Answer: C Distributed Computing Environment (DCE) does provide the same functionality as DCOM, but it is NOT more proprietary than DCOM. Distributed Computing Environment (DCE) is a standard developed by the Open Software Foundation (OSF),also called Open Group. It is a client/server framework that is available to many vendors to use within their products. This framework illustrates how various capabilities can be integrated and shared between heterogeneous systems. DCE provides a Remote Procedure Call (RPC) service, security service, directory service, time service, and distributed file support. It was one of the first attempts at distributed computing in the industry. DCE is a set of management services with a communications layer based on RPC. It is a layer of software that sits on the top of the network layer and provides services to the applications above it. DCE and Distributed Component Object Model (DCOM) offer much ofthe same functionality. DCOM, however, was developed by Microsoft and is more proprietary in nature.

Answer 759

Correct Answer: B Bottom Up Testing is an approach to integrated testing where the lowest level components are tested first, then used to facilitate the testing of higher level components. The process is repeated until the component at the top of the hierarchy is tested. With Bottom Up Testing critical modules can be tested first and the main advantage of this approach isthat bugs are more easily found. All the bottom or low-level modules, procedures or functions are integrated and then tested. After the integration testing of lower level integrated modules, the next level of modules will be formed and can be used for integration testing. This approach is helpful only when all or most of the modules of the same development level are ready. This method also helps to determine the levels of software developed and makes it easier to report testing progress in the form of a percentage.

Answer 760

Correct Answer: C A padded cell system is used in Intrusion Detection Systems (IDSs) and is similar to a honeypot. When an IDS detects an intruder, that intruder is automatically transferred to a padded cell. The padded cell has the look and layout of the actual network, but within the padded cell the intruder can neither perform malicious activities nor access any confidential data.

Answer 761

Correct Answer: C The design stage takes as its initial input the requirements identified in the approved requirements document, this would include security specifications. For each requirement, a set of one or more design elements will be produced as a result of interviews, workshops, and/or prototype efforts.

Answer 762

Correct Answer: C To determine the user interface would not be part of the change control phase. This would be done in an earlier phase. The change control analyst is responsible for approving or rejecting requests to make changes to the network, systems, or software. This role must make certain that the change will not introduce any vulnerability, that it has been properly tested, and that it is properly rolled out. The change control analyst needs to understand how various changes can affect security, interoperability, performance, and productivity.