level: CISSP Questions #1

Questions and Answers List

Answer / Question
Parameter Checking is used to help prevent buffer overflow attacks, not to enforce process isolation.All of the following can be used to enforce process isolation EXCEPT - Naming Distinctions - Time Multiplexing - Encapsulating Objects - Parameter Checking
Encryption is provided. MPLS does not natively include encryption services.What is NOT true regarding MPLS? - QoS is provided - Packet labeling is provided - Traffic engineering is provided - Encryption is provided
TCP sequence number attack exploits the communication session that is created between two hosts.Which attack is used to hijack a communication session between two devices? - Sniffer attack - TCP sequence number attack - Ping of Death attack - DNS poisoning
It provides confidentiality but not authenticity or non-repudiation. One of the strengths of asymmetric cryptography is its ability to provide confidentiality, authentication, and non-repudiation.Which statement is NOT true in relation to asymmetric cryptography? - It has better key distribution than symmetric systems - It provides confidentiality but not authenticity or non-repudiation - It works much more slowly than symmetric keys - It has better scalability than symmetric systems
Linear cryptanalysis is a variation of the known plaintext attack that works against block ciphers. It employs affine transformation approximations to deduce the cipher's exact behavior.Which type of cryptographic attack relies on the study of affine transformations to deduce the cipher's exact behavior? - Differential cryptanalysis - Side-channel attack - Linear cryptanalysis - Algebraic attack
DCOM.What would you choose to counteract covert channels? - Emanation - Scrubbing - DCOM - EMSEC
To store and process cryptographic keys. TPM is a cryptoprocessor chip used to store and manage digital encryption keys.What is the purpose of the Trusted Platform Module (TPM)? - To improve fault tolerance by adding redundant components - To limit the actions of users based on their privileges - To host multiple operating systems on a single host computer - To store and process cryptographic keys
It helps maintain the integrity of data using the simple integrity axiom and the *-integrity axiom. AKA the no write up rule, specifies that a subject or process cannot write data to an object at a higher integrity level.What statement describes the Biba Security model? - It separates data into high protection data called constrained data items (CDI's) - It ensures that actions at higher security levels do not interfere with actions at lower security levels - It helps maintain the integrity of data using the simple integrity axiom and the *-integrity axiom - It helps protect the confidentiality of data using the *-property rule and the strong start property rule
Keys used for encryption and decryption are mathematically related. They use two different, but mathematically related, static keys.What statement about asymmetric key encryption is true? - Asymmetric key encryption is faster than symmetric key encryption - DSA is an asymmetric key algorithm that can only be used for encryption - Keys used for encryption and decryption are mathematically related - Asymmetric key encryption can only be used to provide confidentiality
Encountering an error message indicates a failed test.Which statement does not apply to misuse case testing? - Encountering an error message indicates a failed test - Invalid information is entered to determine how it is handled by the application - It is used to identify weaknesses in an application - The goal is to prevent application crashes
Enumeration. This is the second step in the penetration test methodology and builds on the information gathered during the discovery phase and is specifically directed at the targeted systems, applications, and networks.Which step of a penetration test involves performing port scans to discover information about a target? - Exploitation - Enumeration - Reconnaissance - Vulnerability mapping
Using a software program. Using automated tools ensures that the process of collecting, analyzing, and reporting the information is consistent and efficient.How should the security information that is captured by an organization's information security continuous monitoring (ISCM) program be collected, analyzed, and reported upon? - By the network administrator - By the end user - Using a software program - By the security administrator
Accountability. Monitoring, auditing, and logging ensure that users are accountable for their actions within an organization.Monitoring, auditing, and logging provide which measure within an organization? - Accountability - Availability - Confidentiality - Integrity
Minimize downtime and recovery costs.You are performing a BCP through a BIA. During this process, you should strive for which goal?
Temporal isolation. AKA time-based access control is often used in conjunction with other authentication methods, particularly role-based access control (RBAC).What technique is used to extend the capability of a role-based access control mechanism? - Temporal isolation - Scrubbing - Polyinstantiation - Asset valuation
Attribute Based Access Control (ABAC).Which access control model allows administrators to create policies using plain language statements? - Role Based Access Control (RBAC) - Attribute Based Access Control (ABAC) - Rule-Based Access Control - Discretionary Access Control (DAC)
Ensure transactions are canceled if the Internet connection is lost.You have been tasked with testing the internal interfaces of an application. Which test should you include in your testing strategy? - Verify that the application is compatible with the network connections - Verify that the communications between the server application and the database server are functioning properly - Ensure all supported web browsers have been tested to verify that they are all functioning properly - Ensure transactions are canceled if the Internet connection is lost
CCMP. WPA2 uses AES (128 bit) and Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for wireless data encryption.You are planning to implement the 802.11i wireless standard for your WLAN environment. You want to ensure that your network is secure. Which encryption method should you use if you implement WPA2? - TKIP - 802.1X - CCMP - EAP
Watermarking. Watermarking involves embedding copyright information or a hidden message in the content.Which DRM software method is mainly used to monitor and track content? - ASIC-based security - IMEI number - Watermarking - Steganography
Signature-based intrusion detection system. This uses accumulated knowledge to determine if an attack occurs.You have been tasked with implementing IDS that uses predefined knowledge to determine if an attack is occurring. Which option represents the BEST system to meet these requirements? - Statistical anomaly-based intrusion detection system - Host-based intrusion detection system - Signature-based intrusion detection system - Network-based intrusion detection system
Infrastructure as a Service (IaaS). IaaS is the most flexible cloud computing model that allows an organization to quickly scale up new software or data-based services without installing the required hardware.Which cloud computing model is highly scalable and provides deployment automation? - Software as a Service (SaaS) - Platform as a Service (PaaS) - Infrastructure as a Service (IaaS) - Security as a Service (SECaaS)
Wardialing.The network administrator for your company has asked you to provide a report on the number of unaccounted for modems attached to the network. What should you do to accomplish this? - Wardriving - Packet sniffer - Piggybacking - Wardialing
Target acquisition. Target acquisition involves investigating and gathering intelligence to identify possible targets. Methods used to help prevent target acquisition include performing network address translation, securing directory databases, using hidden directory paths, and using unique usernames for privileged accounts.Security attacks typically follow four steps that include target acquisition, analysis, access, and appropriation. You have decided to use hidden directory paths to help prevent attacks. Which step of an attack does this help prevent? - Target analysis - Target appropriation - Target access - Target acquisition
Hash-based Message Authentication Code (HMAC). HMAC provides data origin authentication, but fails to provide data confidentiality.The following steps are performed to send a message to another user: 1. The message runs through a hashing algorithm, which generates a MAC value. 2. The MAC value is appended to the message by the sender and sent to the receiver. 3. The receiver accepts the message and adds their secret key to the message before an algorithm generates an independent MAC value for the message. 4. The receiver compares the two MAC values to see if they are the same. Which type of message authentication method is being described?
Transition plans for replacing outdated keys. The governance of cryptographic algorithms and systems should address the following at minimum: - Transition plans for replacing outdated algorithms and keys - Procedures for the use of cryptographic systems - Approved cryptographic algorithms and key sizes - Key generation, escrow, and destruction guidelines - Incident reporting guidelines.Which option should be addressed by the governance of cryptographic algorithms and systems at a minimum? - The top web application security flaws and how they can be mitigated - Industry-recommended cryptographic algorithms - Transition plans for replacing outdated keys - All keys that have been issued by the system
Maintain It.What should you do after a security awareness program is implemented?
Practicing Due care. Due care means that the organization takes responsibility for its actions and takes the necessary steps to protect itself from any possible risks.To which legal and regulatory requirement are all organizations subject?
They can involve a memory location being shared between two different individuals with different security levels.Which statement about covert storage channels is true? - They are less efficient than covert timing channels - They can involve a memory location being shared between two different individuals with different security levels - They are the only type of covert channel that can be used to access sensitive information - They rely on being able to influence the rate other processes are able to acquire CPU, memory, and I/O resources.
Covert channel. A wireless covert channel is an unsecured, unknown wireless communication channel within a network.What can be caused by a rogue access point within an organization's network? - Man-in-the-middle attacks - Inference - Covert channel - Eavesdropping
Cleanroom. The cleanroom model is a process used for the development of high-quality software and puts an emphasis on the earlier phases of the model.Which non-iterative software development model attempts to ensure quality by spending more time in the earlier phases of the model, such as design? - Structured Programming Development - Spiral - Waterfall - Cleanroom
Top Secret. Unauthorized disclosure of the laser blueprints would cause damage to national security beyond serious damage.The military has blueprints for a new laser weapon capable of shooting missiles out of the air that will be outfitted on their naval ships. Which data classification is being discussed? - Sensitive but unclassified - Secret - Top Secret - Unclassified
Private. Private is a typical business classification level that applies to employee or customer data.To which business classification level is credit card information typically addressed? - Secret - Private - Public - Confidential
Overwriting. Overwriting the sectors that sensitive data was stored in will provide a certain level of assurance that the sensitive data cannot be retrieved.Which method is commonly used to remove remnants of sensitive financial data from media before the media is reused within an organization? - Overwriting - Shredding - Formatting - Degaussing
The Safe Harbor framework.Laws designed to protect individuals' privacy have been created worldwide. However, different approaches have been adopted by the various countries. Which of the following was created by the U.S. Department of Commerce in consultation with the European Commission to bridge the differences in approaches? - The 1948 Universal Declaration of Human Rights - The 1980 Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data - The Lisbon Treaty - The Safe Harbor framework
Control analysis.Which risk management concept involves using a security requirements checklist as a best practice? - Control analysis - Monitoring - Reporting - Continuous Improvement
RDP. Remote Desktop Protocol (RDP) can be used to encrypt the transmission channel, thus securing the data in transit.You need to provide users with a method for making secure remote connections to their Windows computers. Which technology should you deploy to the users? - Telnet - SSH - VNC - RDP
Ciphertext-only attacks. A ciphertext-only attack happens when an attacker has only encrypted data or ciphertext to work with. It's easy to initiate because all that is needed is a single piece of ciphertext. It's very difficult to produce results though because so little information is known about the encryption process.Which active cryptographic attack is EASIEST to initiate, but is the MOST difficult to actually produce results? - Known-plaintext attacks - Chosen-ciphertext attacks - Chosen-plaintext attacks - Ciphertext-only attacks
Java.Which programming language contains the sandbox and garbage collection security features? - JavaScript - C - COBOL - Java
194.Due to security concerns with the Internet Relay Chat (IRC) application, you need to prevent IRC traffic from entering your network. Which port number do you need to block on your firewalls? - 53 - 22 - 143 - 194
Fraggle Attack. A fraggle attack uses UDP messages that are modified to appear to have the source address of the system being targeted.Which type of attack uses spoofed UDP packets in an attempt to overwhelm a target system? - Fraggle attack - Teardrop attack - Smurf attack - SYN flood attack
Smart Lock. This is because they can track the people who use them.Which type of lock allows for a certain amount of individual accountability?
Data Link - PPP; Application - Telnet; Presentation - JPEG; Transport - SSL/TLS; Session - SQL, RPC.Which protocols or services are used at different layers of the OSI model? Match the protocols or services to the appropriate layer. Layers - Data Link, Application, Presentation, Transport, Session. Protocols/Services - JPEG, SSL/TLS, PPP, Telnet, SQL, RPC
Stores and backs up information for the information owner - Information custodian; Ultimately responsible for defending information assets - Executive management; Manages and reviews the company's security policies and procedures - Security officer; Follows the organization's security policies - End user; Creates accounts and adds access permissions for users that require access to data, applications, or systems - Security administrator.Which security roles match each security responsibility description? Responsibility descriptions - Stores and backs up information for the information owner; Ultimately responsible for defending information assets; Manages and reviews the company's security policies and procedures; Follows the organization's security policies; Creates accounts and adds access permissions for users that require access to data, applications, or systems. Roles - Security officer, Executive management, Security administrator, End user, Information custodian
Isolated PVLAN. It is a secondary VLAN that exists inside the primary VLAN. Nodes attached to the isolated PVLAN are able to send packets to, and receive packets from, ports in the promiscuous PVLAN only.Which component of a private virtual local area network (PVLAN) is only capable of sending packets to, or receiving packets from, ports in the promiscuous PVLAN? - Isolated PVLAN - Promiscuous PVLAN - Community PVLAN - Primary PVLAN
Gives organizations the flexibility to tailor the framework to their own needs - NIST SP 800-53; Comprises a set of 34 high-level processes and 214 control objectives to support these processes - COBIT; Identifies five areas of internal control that must be present for data integrity in financial reporting and disclosure - COSO; Contains best practices for IT processes that enable high levels of availability, confidentiality, and data integrity - ITIL.Which security control frameworks match each framework description? Frameworks - NIST SP 800-53, ITIL, COBIT, COSO. Descriptions - Gives organizations the flexibility to tailor the framework to their own needs; Comprises a set of 34 high-level processes and 214 control objectives to support these processes; Identifies five areas of internal control that must be present for data integrity in financial reporting and disclosure; Contains best practices for IT processes that enable high levels of availability, confidentiality, and data integrity
It is typically applied by the end user.Data can be protected while it is in transit using either link encryption or end-to-end encryption. Each method functions differently. Which statement is true regarding end-to-end encryption? - It is typically applied by the end user - It is possible for an attacker to see a message in clear text format as it travels across the network - It encrypts the data and the routing information - It provides better traffic confidentiality
FFIEC. The Federal Financial Institutions Examination Council (FFIEC) provides a booklet on creating business continuity plans.Which of the following emphasizes resuming and maintaining business operations in financial institutions after a disaster? - NYSE Rule 446 - NASD Rule 3510 - Electronic Funds Transfer Act - FFIEC
Parallel test. The parallel test involves testing how the processes will run at the offsite facility and comparing them to the original site, making changes as necessary.You need to test the organization's BCP to ensure it's suitable. You need to verify that the mission critical systems can function at the alternate processing site. Which type of test is the FIRST to perform an actual recovery at the alternate processing site? - Simulation - Parallel test - Structured walk-through - Full interruption
Negative. Negative testing is called misuse testing. It is typically performed by entering invalid information to identify how it is handled by the application.You have been tasked with testing a web application by attempting to access a secure web page without logging in. Which type of test do you need to perform? - Statement coverage - Regression - Path coverage - Negative
Determine whether the backups were successful.What is the LAST step that you should include in any backup plan? - Determine what type of backup media you will require - Determine where you should store the backup media and how long you should store it there. - Determine what data you will need to back up - Determine whether the backups were successful
The mitigations must be tested by an independent group.Steps have been taken to mitigate risks found during an assessment of custom software installed on one of the organization's server computers. What step must be taken before the risk can be declared as mitigated? - The risks are considered mitigated once the proper controls have been put in place to deal with the risk - The developers of the custom software must sign off on the implemented mitigations - The owner of the server computer must sign off on the implemented mitigations - The mitigations must be tested by an independent group
A process used to protect against the accidental or deliberate introduction of harmful modifications to code or systems.What option BEST describes the change management process? - A formal process that ensures requested changes are implemented by the most qualified individuals - A process used to ensure that accidental changes do not occur within an organization's code of ethics - A process used to protect against the introduction of harmful patches to an organization's software. - A process used to protect against the accidental or deliberate introduction of harmful modifications to code or systems
Auditing. Security managers can perform log reviews, account monitoring, backup verification, and review key performance indicators (KPI).Identify an administrative duty that is not part of the security management review. - Account management - Key performance and risk indicators - Backup verification - Auditing
Determining the cost savings of implementing the asset is one of the ways of determining the cost of an intangible asset, not a tangible asset.There are tangible assets and there are intangible assets. All of the following methods can be used to determine the value of a tangible asset EXCEPT: - Obtaining current quotes for replacement cost comparison - Subtracting the depreciation from the original asset cost - Determining the cost savings of implementing the asset - Identifying the cost of switching to an alternative solution
Encapsulates data but does not encrypt it - PPP; Encrypts packets at the network layer - IPsec; Supports remote access and site-to-site topologies - VPN; Encrypts data using GRE or MPPE - PPTP; Requires digital certificates and a PKI - SSL VPN; Communicates over UDP port 1701 - L2TP.Match each remote connection protocol to the proper description: Protocols - PPP, IPsec, VPN, L2TP, SSL VPN, PPTP. Descriptions - Encapsulates data but does not encrypt it; Encrypts packets at the network layer; Supports remote access and site-to-site topologies; Encrypts data using GRE or MPPE; Requires digital certificates and a PKI; Communicates over UDP port 1701
It tracks real user sessions. This doesn't happen with synthetic monitoring and means that performance is predictable since specific steps are executed by a script at regular intervals.Which statement is NOT true of synthetic monitoring? - It is also classed as proactive monitoring - It tracks real user sessions - It uses external agents to run scripted transactions - It has full access over the client
Security policies.Which is MOST likely to be impacted by a company merger or acquisition? - Business interruption insurance - Security policies - Remote journaling - Reciprocal agreements
SAML. Security Assertion Markup Language (SAML) is an XML-based language often used to exchange identities between federated organizations.Which SSO method is commonly used to share federated identity information? - SESAME - OpenID - SAML - OAuth
Application Decomposition and Analysis (ADA).The PASTA (Process for Attack Simulation and Threat Analysis) methodology has seven stages. What is the 3rd stage?
Session. Layer 5 Session Layer.At which layer of the OSI model is Half-Duplex mode used for communication between two applications? - Physical - Data Link - Network - Presentation - Session
White Box. White box testing is performed while knowing the details of the system.You provide a senior software tester with source code of an application and request that they perform a full test of the software. Which BEST identifies this type of test? - Sandbox - Black Box - White Box - Dynamic
Digital signature.What information is contained within a SAML token? - One-way hash - Block cipher - Temporary session key - Digital signature
SDN northbound interface. SDN applications use the SDN northbound interface (NBI) to communicate the network requirements of SDN applications to the SDN controller.Which component of Software Defined Networking (SDN) is used to communicate network requirements to the SDN controller? - SDN northbound interface - SDN datapath - SDN application - SDN control to data-plane interface
From a server's RAM.Which location is the BEST place to collect live evidence when performing eDiscovery at a crime scene? - From a SAN - From a smartphone - From a workstation's hard drive - From a server's RAM
Data custodian.Who is responsible for processing data backups? - Data custodian - Data owner - Security administrator - Information systems auditor
Streamlines the risk analysis process by identifying areas upon which to focus - FRAP; Evaluates risks by defining and scoring the elements on a consistent scale - PUSH; Uses a self-directed approach to securing an organization's assets - OCTAVE; Examines potential effects of failures on three levels - FMEA.Match the risk assessment method with its description: Descriptions - Streamlines the risk analysis process by identifying areas upon which to focus; Evaluates risks by defining and scoring the elements on a consistent scale; Uses a self-directed approach to securing an organization's assets; Examines potential effects of failures on three levels. Methods - FMEA, PUSH, OCTAVE, FRAP
LDAP. Lightweight Directory Access Protocol (LDAP) systems store information about users, network resources, file systems, and applications.An organization requires an identity management solution that uses a remote access authentication system to store information about users and applications. Which remote access authentication system should the organization use? - RADIUS - Diameter - TACACS+ - LDAP
Branching. This refers to the ability to execute different commands based on differing inputs. Due to the sheer number of potential inputs to many software programs, branching increases the level of complexity of the software product.Which of the following increases the complexity of a software product? - Branching - SOMAP - OCTAVE - Scrubbing
It executes a known set of steps at regular intervals. This means that performance is predictable since specific steps are executed by a script at regular intervals.Which statement relates to a synthetic performance-monitoring test used on a web site? - It is also classed as end user experience monitoring - It uses web-monitoring services to track availability - It obtains and assesses server side information - It executes a known set of steps at regular intervals
Hardware-based FDE.What is the BEST way to secure all data at rest on a portable computer, with the LEAST impact on system performance? - Hardware-based FDE - Cloud computing - SSL - Software-based FDE
C2. Class C2, Controlled Access Protection, requires users to be identified individually, which makes them accountable for their actions. It also provides audit trails that can be used to track actions made by the users.Which classification level of the Orange Book is the first to provide individual accountability by requiring login procedures and audit trails? - B1 - B2 - C2 - C1
Consumers don't control any of the cloud-based assets - SaaS; The CSP is responsible for maintaining the host and cloud infrastructure - PaaS; Consumers manage their applications and configuration settings on the host - PaaS; The CSP is responsible for maintaining the cloud-based infrastructure - IaaS; The CSP is responsible for the maintenance of all services - SaaS; Consumers maintain the operating systems and applications - IaaS.Match each of the responsibilities for cloud-based assets to the relevant service model: Responsibilities - Consumers don't control any of the cloud-based assets; The CSP is responsible for maintaining the host and cloud infrastructure; Consumers manage their applications and configuration settings on the host; The CSP is responsible for maintaining the cloud-based infrastructure; The CSP is responsible for the maintenance of all services; Consumers maintain the operating systems and applications. Service models - SaaS, PaaS, IaaS
Implement egress and ingress filters - Spoofing attacks; Set minimum password length - Brute force attacks; Use OTP authentication - Dictionary attacks.Match the access control attacks with the methods for protecting against them: Methods for protecting - Implement egress and ingress filters, Set minimum password length, Use OTP authentication. Attacks - Spoofing attacks, Dictionary attacks, Brute force attacks
Corporate policy, System specific policy, Issue specific policy.Name the three main types of policies that exist.
Acts as a Liaison between management, business, IT, and Information Security. This is actually a role of the steering committee.Which of the following is NOT true of Senior Management Responsibilities? - Ensure testing (and that appropriate results are achieved) - Prioritize business functions (based on BIA) - Establish a common vision/strategy/framework for the enterprise - Provide funding and support - Acts as a Liaison between management, business, IT, and Information Security
Universal. All aspects of the organization should be following the same universal frameworks or strategies.Frameworks and strategies should be _______ throughout an organization.
Qualitative.Subjective analysis to help prioritize probability and impact of risk events is an example of what type of risk analysis?
Exposure factor.The percentage of loss that is expected to result from the manifestation of a particular risk event is known as ____. - Asset Value (AV) - Single Loss Expectancy (SLE) - Asset Value (AE) - Exposure Factor (EF)
Total cost of ownership (TCO).What term describes the total cost of implementing a safeguard? - Return on Investment (ROI) - Total Cost of Ownership (TCO) - Asset Value (AV) - Exposure Factor (EF)
Rejection. Rejection is a risk response rather than a risk mitigation.Which of the following is NOT a form of risk mitigation? - Reduce - Avoidance - Transfer - Accept - Rejection
Avoidance. It is a mitigation method that avoids the risk altogether.Which of the following is the ultimate risk mitigation method? - Reduce - Avoidance - Transfer - Accept - Rejection
Risk Transfer.SLA's and contracts are examples of which type of Risk Mitigation method?
Key Risk Indicator.What does the acronym KRI stand for?
Due Care.Setting and enforcing policy to bring an organization into compliance is known as ______.
employee behavior.The goal of knowledge transfer is to modify ________.
Financial reporting.What is a SOC 1 Report used for?
Security and Technology.What is a SOC 2 Report used for?
Security and Technology but publicly available.What is a SOC 3 Report used for?
SOC 3 is available to the public. They both are for Security and Technology, but a SOC 3 report is publicly available.What is the difference between a SOC 2 and SOC 3 report? - SOC 3 is for financial reporting - SOC 3 is available to the public - SOC 2 is available to the public - SOC 2 is for security and technology
Simulation Test.Which type of test goes through a disaster scenario, and continues up to the actual relocation to an offsite facility? - Checklist Test - Structured Walk-Through (Table Top) Test - Simulation Test
Data Owner.Who is responsible for determining the classification of data?
Data Custodian.Who maintains the data?
Obfuscation.What is the process of hiding, replacing, or omitting sensitive information? - Data anonymization - Tokenization - Obfuscation - Masking
Data anonymization._______ is the process of either encrypting or removing personally identifiable information from data sets, so that the people whom the data describe remain anonymous. - Data anonymization - Tokenization - Obfuscation - Masking
Tokenization.Public cloud service can be integrated and paired with a private cloud that stores sensitive data. The data sent to the public cloud is altered and contains a reference to the data residing in the private cloud. This process can be described as _______. - Data anonymization - Tokenization - Obfuscation - Masking
Masking._______ is the process of using specific characters to hide certain parts of a specific dataset (ie. displaying asterisks for all but the last 4 digits of SSN). - Data anonymization - Tokenization - Obfuscation - Masking
Protecting data moving to and withing the cloud.When it comes to data security in the cloud, SSL/TLS/IPsec protocols can be described as ______. - Detection of data migration to the cloud - Protecting data in the cloud - Protecting data moving to and withing the cloud
Detection of data migration to the cloud.When it comes to data security in the cloud, DAM and DLP can be described as ______. - Detection of data migration to the cloud - Protecting data in the cloud - Protecting data moving to and withing the cloud
Caesar Cipher. Which type of cryptography is a simple substitution that shifts characters 3 spaces (i.e., A=D, B=E, C=F)? - Caesar Cipher - Vernam - Enigma Machine and Purple Machine - Scytale - Vigenère
Vigenère. What is another name for a polyalphabetic cipher that uses a key word agreed upon ahead of time and matches the first letter of the key against the first letter of the message, and so on? - Caesar Cipher - Vernam Cipher - Vigenère - Enigma Machine and Purple Machine - Scytale
Enigma Machine and Purple Machine. Which of the following is a rotor-based cryptographic tool that was used by both the Germans and the Japanese in WWII? - Caesar Cipher - Vernam Cipher - Vigenère - Enigma Machine and Purple Machine - Scytale
Vernam Cipher. Which cipher is commonly referred to as a one-time pad and is the only mathematically unbreakable form of cryptography? - Caesar Cipher - Vernam Cipher - Enigma Machine and Purple Machine - Scytale - Vigenère
Cipher text. Plain Text + Initialization Vector + Algorithm (aka Cipher) + Key = _____. - Encryption - Asymmetric encryption - Symmetric encryption - Cipher text
Initialization Vector (IV). What adds randomness at the beginning of the process so that the process becomes more random? - Cipher Text - Plain Text - Key - Initialization Vector (IV)
Salt. Which term refers to introducing randomness after the process begins? - Seed - Salt - Encryption
Seed. Which term refers to introducing randomness at the beginning of the process? - Seed - Salt - Encryption
Algorithm. A collection of math functions that can be performed, where the math functions perform the substitution, is known as an _______.
Simplicity. Which is NOT a desirable quality of an algorithm? - Confusion - Diffusion - Simplicity - Avalanche (Chaining) - Permutations - Open - Kerckhoffs's Principle
Permutation. DES (Data Encryption Standard) takes a block of data and encrypts it 16 times. Each round of encryption is known as _____. - Diffusion - Confusion - Permutation - Chaining
True. According to Kerckhoffs's Principle, an algorithm should always be open. - True - False
AES-256. Which algorithm is used today to protect sensitive but unclassified information? - DES - 3DES - AES-128 - AES-256
Hashing. Mapping data of any size and providing a method for verifying the integrity and authenticity of data and their authors is known as ______ a value.
Zero-knowledge proof. _____ allows a claimant to be authenticated to a verifier without revealing the encryption key, password, or other information to the verifier. - Digital Signature - Zero-knowledge Proof - Hashing - Initialization Vector (IV)
Zachman Framework. Which of the following is a schema used in software development processes in which questions (what, how, when, who, where, and why) are intersected with answers related to identification, definition, representation, specification, configuration, and instantiation? - COBIT - NIST 800-34 - ISO 27001 - Zachman Framework
Wi-Fi Protected Access 2 (WPA2). The approved Wi-Fi Alliance interoperable implementation of the IEEE 802.11i security standard is known as _____. - Wired Equivalent Privacy (WEP) - AES-256 - Wi-Fi Protected Access (WPA) - Wi-Fi Protected Access 2 (WPA2)
Secure Shell (SSH). ____ is a protocol that allows users to remotely access systems using secure end-to-end encryption on TCP port 22, and is often used with FTP, Telnet, and rlogin. - Secure Sockets Layer (SSL) - Secure/Multipurpose Internet Mail Extensions (S/MIME) - Secure Shell (SSH) - Security Assertion Markup Language (SAML)
Secure Sockets Layer (SSL). Which of the following is an encryption protocol that uses a TCP handshake to establish secure private communications during internet data transmissions and is usually presented in web browsers as "https"? - Secure Sockets Layer (SSL) - Secure/Multipurpose Internet Mail Extensions (S/MIME) - Secure Shell (SSH) - Security Assertion Markup Language (SAML)
SHA-192. The Secure Hash Standard defines secure hash algorithms established by NIST for computing a condensed representation of electronic messages (data). Which of the following is NOT an example of a Secure Hash Standard algorithm? - SHA-1 - SHA-256 - SHA-192 - SHA-512 - SHA-512/244
Ad Hoc Mode/Ad Hoc Network. A wireless network with dynamic connections between devices, without the use of an access point or wireless base station, is known as what? - Ad Hoc Mode/Ad Hoc Network - LAN - PVLAN - VPN
Agile. Which of the following software development models emphasizes continuous customer feedback and cross-functional teamwork, with the goal of quickly producing new functionality with each product version update or release? - Waterfall - Agile - Prototype - Spiral
Symmetric. Which type of cryptography provides strong privacy and is very fast? - Symmetric - Asymmetric
IDEA. Which algorithm is used by PGP? - AES - Blowfish - DES - IDEA
RC-4. Which of the following is a stream cipher? - AES - Blowfish - RC-4 - IDEA
The Bell-LaPadula Model. Which security model states that a subject cannot read data from a security level higher than the subject's security level? - The Bell-LaPadula Model - The Biba Model - The Clark-Wilson Model - The Brewer-Nash Model
The Bell-LaPadula Model. Which security model enforces confidentiality through three rules: Simple Security Property - no read up, * Security Property - no write down, and Strong * Property - no read/write up or down? - The Bell-LaPadula Model - The Biba Model - The Clark-Wilson Model - The Brewer-Nash Model
The Biba Model. Which security model enforces the integrity of knowledge by stating: Simple Integrity Axiom - a subject cannot read data from an object of a lower integrity level, * Integrity Axiom - a subject cannot write data to an object at a higher integrity level, and Invocation Property - a subject cannot invoke (call upon) subjects at a higher level? - The Bell-LaPadula Model - The Biba Model - The Clark-Wilson Model - The Brewer-Nash Model
The Bell-LaPadula Model. Which of the following security models was defined by the US government to protect state secrets and to enforce confidentiality? - The Bell-LaPadula Model - The Biba Model - The Clark-Wilson Model - The Brewer-Nash Model
The Clark-Wilson Model. Which security model prevents unauthorized users from making modifications, prevents authorized users from making improper modifications, and maintains internal and external consistency (i.e., reinforces separation of duties)? - The Bell-LaPadula Model - The Biba Model - The Clark-Wilson Model - The Brewer-Nash Model
The Clark-Wilson Model. Which security model is used when an untrusted entity is forced through an interface to access a trusted resource? - The Bell-LaPadula Model - The Biba Model - The Clark-Wilson Model - The Brewer-Nash Model
The Brewer-Nash Model. Which security model's purpose is to limit the damage done by conflicts of interest in databases housing competitor information? - The Bell-LaPadula Model - The Biba Model - The Clark-Wilson Model - The Brewer-Nash Model
Reference Monitor. In system architecture, the _____ can be defined as the rules that control access to resources. - Security Kernel - Reference Monitor - Security Policy - Trusted Computing Base (TCB)
Security Kernel. The ______ invokes all the rules that control access to resources (i.e., allow or deny access). - Security Kernel - Reference Monitor - Security Policy - Trusted Computing Base (TCB)
Must ensure one process has no more privileges than it needs. Which of the following is NOT a requirement for a security kernel? - Must facilitate isolation of processes - Must be invoked at every access attempt - Must ensure one process has no more privileges than it needs - Must be small enough to be tested and verified in a comprehensive manner
Compartmented. Which of the following secure modes of operation refers to operating on a need-to-know basis? - Single State - Multi State - Compartmented - Dedicated
Orange Book. Which of the following evaluation criteria only looked at trust and assurance together, as opposed to individually? - Capability Maturity Model Index (CMMI) - Orange Book - Common Criteria - ITSEC (Information Technology Security Evaluation Criteria)
Orange Book. Which evaluation criteria, also known as Trusted Computer Security Evaluation (TCSEC), is based on the Bell-LaPadula model (and deals only with confidentiality)? - Capability Maturity Model Index (CMMI) - Orange Book - Common Criteria - ITSEC (Information Technology Security Evaluation Criteria)
ITSEC. Which evaluation criteria was created by a collection of European nations in 1991 as a standard to evaluate the security attributes of computer systems? - Capability Maturity Model Index (CMMI) - Orange Book - Common Criteria - ITSEC (Information Technology Security Evaluation Criteria)
ITSEC. Which evaluation criteria uses F1 - F10 ratings for functionality and E0 - E6 for assurance? - Capability Maturity Model Index (CMMI) - Orange Book - Common Criteria - ITSEC (Information Technology Security Evaluation Criteria)
Common Criteria. Which evaluation criteria is an international standard defined by ISO 15408? - Capability Maturity Model Index (CMMI) - Orange Book - Common Criteria - ITSEC (Information Technology Security Evaluation Criteria)
Common Criteria. Which of the following is a standard used for federal systems? - Capability Maturity Model Index (CMMI) - Orange Book - Common Criteria - ITSEC (Information Technology Security Evaluation Criteria)
EAL-4. What is the Evaluation Assurance Level (EAL) rating that is defined as methodically designed, tested, and reviewed? - EAL-1 - EAL-2 - EAL-4 - EAL-6 - EAL-7
Repeater. Repeaters are simple devices that help extend the network by amplifying a signal so that it can pass on to the next segment. Otherwise, the signal weakens (attenuation) and may not be decipherable by the receiving system. What device works at the physical layer to amplify electrical signals between network segments? - Switch - Router - Repeater - Gateway
SYN attack. The three types of attacks that fall under the umbrella of timing attacks are between the lines, NAK, and line disconnect. Which of the following is not considered a timing attack? - Line disconnect - Between the lines - NAK attack - SYN attack
Administrative password reset. The goal is to minimize the time administrators spend on password management. The following are the most common ways identity management deals with password management: • Password synchronization reduces the complexity of keeping up with different passwords for different systems. • Self-service password reset reduces help-desk call volumes by allowing users to reset their own passwords. • Assisted password reset reduces the resolution process for password issues for the help desk. This may include authentication with other types of authentication mechanisms (biometrics, tokens). Many identity management systems have various types of password management approaches. Which of the following is not a common approach? - Password synchronization - Self-service password reset - Assisted password reset - Administrative password reset
Host-to-host. The host-to-host transport layer in the TCP/IP architecture model is equivalent to the transport layer in the OSI model. This is where the SPX protocol resides. In the TCP/IP model, where does the SPX protocol reside? - Host-to-host - Internet - Network access - Application
User activated. Wireless proximity readers are different from user-activated systems. With a user-activated system the user must insert a card into the reader and then a set of credentials must be given to the system to properly authenticate the user. In wireless proximity systems, such as system-sensing readers, the readers “sense” the presence of an object and transmit signals to a proximity card to obtain the access control credentials held on the card. Which is not a characteristic or name of a system-sensing proximity card reader? - Transponder - User activated - Passive device - Field powered
Resiliency. Resiliency is the ability of the system to deal with challenges, damage, and negative actions, and return to a normal state of operation quickly, with minimum impact to the organization. Which of the following is a critical element of both security and DLP, and concerns the ability to deal with challenges, damage, and crises, and return to normal conditions quickly? - Business continuity - Disaster preparedness - Flexibility - Resiliency
Tactical, Operational, Strategic. Operational goals are daily tasks carried out to ensure that production is not negatively affected. Tactical goals are short term in nature but may require several steps or phases in order to complete. Strategic goals are long term in nature and involve forward thinking. Whenever you look at all three goals together, it is referred to as the "planning horizon." In most cases, a network needs to be centrally controlled (possibly implementing domain controllers) before a PKI can be incorporated. Joe's boss assigns him three projects: 1. Reconfigure the network into a centrally controlled environment; 2. Make sure changes in the projects do not affect production; 3. Convert the entire network to a public key infrastructure (PKI) environment. Each project can be associated with a security goal type. Which of the project numbers below has the correct goal assigned to it? - Tactical, Operational, Strategic - Operational, Tactical, Strategic - Operational, Strategic, Tactical - Daily, Functional, Tactical
Overwhelming a computer by sending multiple communication requests. SYN attacks use up system resources by sending multiple communication requests to a computer until it can no longer process future communication requests. This is one example of a denial-of-service attack. Which of the following describes a SYN attack? - Sending small packets to a system that is unable to process them - Using spoofed UDP packets to learn about the topology of the victim's network - Overwhelming a computer by sending multiple communication requests - Using PING commands to overwhelm a system
The paths between the nodes and the back-end storage devices. It provides fault tolerance and redundancy. Storage area networks (SANs) are made up of several storage systems connected together to form a single backup network. A SAN is a networked infrastructure that allows several systems to be connected to any storage device. This is usually provided by using switches to create a switching fabric. The switching fabric allows several devices to communicate with back-end storage devices and provides redundancy and fault tolerance by not depending upon one specific line or connection. What is the switched fabric in a storage area network? - The paths between the nodes and the servers. It provides fault tolerance, but no redundancy - The paths between the nodes and the back-end storage devices. It provides fault tolerance and redundancy. - The paths between the nodes and the back-end storage devices. It provides integrity and confidentiality. - The paths between the nodes and the servers. It provides integrity and confidentiality.
Asymmetric. Knapsack is an asymmetric algorithm. It is not widely used anymore because it has been broken. Knapsack is what type of algorithm? - Asymmetric - Hashing - Symmetric - Hybrid
One-time password. One-time passwords are used to authenticate users only once. They have the characteristic of "something that you have" because a user does not know or remember the one-time password. Instead, the user has something that generates that password. The other choices are all examples of biometrics, which are based on what a user is. Which of the following authentication techniques is not based on something that you are? - One-time password - Palm-scan - Keystroke dynamics - Retina pattern
They are viewed as a project. Often companies view developing continuity plans as a project, meaning the project starts and then stops. It is not seen as an ongoing activity. This mentality can cause the plan to become quickly outdated because it is not being maintained. Which of the following is the main reason business continuity plans become outdated? - They are viewed as regulatory - They are viewed as mandatory - They are viewed as necessities - They are viewed as a project
To satisfy and meet auditing requirements based on specific compliance regulations. The reason companies should document these types of activities is to ensure that everyone follows the same procedures on different tasks. This action helps prevent new security vulnerabilities from being introduced with changes to the environment. Although some organizations may have this as one of the things that is checked during auditing activities, not all companies do, and passing an audit is not the reason documentation should be generated. The main reasons for documenting computer support and operation activities and procedures include all but which of the following? - To satisfy and meet auditing requirements based on specific compliance regulations - To ensure consistency of activities, which will provide a more stable environment - To give employees detailed instructions on how to carry out different types of tasks - To help ensure that security holes and oversights do not occur
3G. During the third generation (3G) of cellular networks, there were many enhancements, including replacing circuit switching technologies with packet switching, as well as expanded services, higher capacities, and faster communication speeds. This is the generation that made these devices popular worldwide. During which generation of cellular technology was circuit switching replaced with packet switching? - 1G - 4G - 3G - 2G
Multiprotocol label switching. Multiprotocol Label Switching (MPLS) is a common component in high-performance networks that is used to direct traffic from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table. Network addresses represent node endpoints, and labels represent paths between nodes. _______________________ allows for high performance on telecommunications networks by using short path labels instead of network addresses, thus avoiding the use of complex routing tables. - Multiprotocol label switching - ARP-based table routing - ATM cell switching - Frame-based relay routing
UDP. User Datagram Protocol (UDP) is connectionless and does not guarantee that its message will be delivered to the recipient, thus the name "best effort." In contrast to Transmission Control Protocol (TCP), UDP performs no handshaking, nor does it set up a virtual connection. One benefit, however, is extremely low overhead. UDP is used when reliability is not an issue. Which of the following is a "best effort" protocol requiring fewer resources than other transport protocols? - IP - UDP - TCP - ARP
Catastrophe. Catastrophes have the most significant physical impact on businesses. They can come in the form of earthquakes, tornados, fires, or floods. The distinguishing difference between catastrophes and disasters is that catastrophes destroy a facility altogether. To resume operations, short- and long-term solutions must be developed. Disasters typically involve the facility only being partially destroyed and the business being impacted temporarily. Which of the following threats cripples a business, destroys the original facility, and requires short- and long-term recovery planning? - Non-disaster - Disaster - Man-made disaster - Catastrophe
Software development. Unit testing is part of the software development phase. This phase involves the actual code writing by the developers and the developers testing their own code. Part of code writing is doing unit testing as different milestones are reached throughout the process. Unit testing is performed in what phase of the software development life cycle? - Acceptance testing/implementation - Operations/maintenance - System design specifications - Software development
Humidity levels. A hygrometer is used to measure humidity levels. High humidity levels create too much moisture, which can damage computers. Low humidity levels cause static electricity, which also causes problems for computers. Because environmental changes can dramatically affect the performance of computing devices, it is important to consistently monitor levels. What would a person be measuring if he were using a hygrometer? - Temperature changes over time - Humidity levels - Dust contaminants - Combustibility of materials
Budget expenditures by a particular individual. Any organizational budget expenditures by a particular individual would be considered organizational data, possibly proprietary data, but not directly related to an individual's personal data. All of the following are examples of data that can be considered at the sensitivity level of private, except: - Personal information for use within a company - Salary information - Protected health information - Budget expenditures by a particular individual
Centralized. TACACS+ is a client/server protocol used in dial-up access centralized environments. Centralized access control administration has one entity that makes all access decisions. In most implementations a firewall or router would have TACACS+ implemented and be the central authentication mechanism. TACACS+ provides what type of access control administration? - Centralized - Mandatory - Discretionary - Decentralized
The closer you are to the root of the attack tree when you implement a mitigation technique, the more leaf conditions you will defeat with that particular mitigation or control. As a general rule for mitigating attacks using attack trees and reduction analysis techniques, which of the following is true? - The closer you are to the root of the attack tree when you implement a mitigation technique, the more leaf conditions you will defeat with that particular mitigation or control. - The farther you are away from the root of the attack tree when you implement a mitigation technique, the more leaf conditions you will defeat with that particular mitigation or control. - The closer you are to the leaf nodes of the attack tree when you implement a mitigation technique, the more leaf conditions you will defeat with that particular mitigation or control. - The closer you are to the root of the attack tree when you implement a mitigation technique, the fewer leaf conditions you will defeat with that particular mitigation or control.
UDP port 123. Since the Network Time Protocol is a connectionless protocol, it uses the User Datagram Protocol (UDP), on port 123. What transport layer protocol and port does the Network Time Protocol (NTP) use? - TCP port 123 - UDP port 123 - TCP port 119 - UDP port 119
Onsite mirroring. The question asks about offsite redundancy, thus onsite mirroring would not be an option. The other answers are different types of technologies that can be used to save data to an offsite facility. Which of the following is not an offsite transaction redundancy implementation for database security? - Onsite mirroring - Electronic vaulting - Remote journaling - Database shadowing
Council of Europe Convention on Cybercrime. The Council of Europe (CoE) Convention on Cybercrime is one example of an attempt to create a standard international response to cybercrime. It is the first international treaty seeking to address computer crimes by coordinating national laws and improving investigative techniques and international cooperation. The convention’s objectives include the creation of a framework for establishing jurisdiction and extradition of the accused. For example, extradition can only take place when the event is a crime in both jurisdictions. Which of the following was the first international treaty seeking to address computer crimes by coordinating national laws and improving investigative techniques and international cooperation? - Council of Global Convention on Cybercrime - Council of Europe Convention on Cybercrime - Organisation for Economic Co-operation and Development - Organisation for Cybercrime Co-operation and Development
ECB. Electronic Code Book (ECB) mode does not use any chaining. This means that the same plaintext will create the same ciphertext every time it is encrypted with the same key. The other DES modes use chaining, which means some of the previously encrypted data is used in the encryption process. These modes do not produce patterns as the ECB mode does. Which of the following DES modes is typically used when small amounts of data are encrypted, such as ATM PIN numbers? - OFB - ECB - CFB - CBC
Volume of data. The volume of data the organization processes is usually not a consideration when selecting a DLP technical solution. Regardless of volume, the DLP solution should work. Volume of data is more of a factor that affects the size and efficiency of the solution. When evaluating DLP technical solutions, all of the following are critical factors, except: - Sensitive data awareness - Policy engine - Accuracy - Volume of data
Lattice-based. Lattice-based access controls provide upper and lower bounds of access for a subject pertaining to a specific object. When a subject makes an access attempt, the system will first check if it is allowed, and then determine the range of access the subject actually has. A subject may be able to "read" but not "write" to that object, thus "write" is outside of its lattice bounds. Access controls that give subjects and objects a range of upper and lower bound capabilities are called __________________. - Security labels - Lattice-based - Mandatory - Task-based
The individual and agency responsible for these activities may be held liable and the items may not be admissible in court. A chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to be presented as evidence in court. Individuals and agencies responsible for ensuring these steps are followed can be seen as liable if the chain of custody is broken. Also, the evidence may not be admissible for the court case. Which of the following best describes why evidence must be properly collected and stored? - The individual and agency responsible for these activities may be held liable and the items may not be admissible in court - The individual and agency responsible for these activities may be held liable and the items may be admissible in court - The individual and agency responsible for these activities may be held liable and the items may not be admissible in court because the Prudent Person Rule is being followed - The individual and agency responsible for these activities may be held liable and the items may not be admissible in court because the Computer Fraud and Abuse Act is not being followed
Lower levels may not have adequate knowledge or a thorough enough understanding of the processes. Managers will tend to delegate any sort of risk analysis task to lower levels within the department. However, these lower levels may not have adequate knowledge or a thorough enough understanding of the processes that the risk analysis team may need to deal with. Why is it important to get the right level of employee involved in a risk analysis? - Lower levels may not have adequate knowledge or a thorough enough understanding of the processes - Decision makers need to be involved in this process because of how critical it is to the company - Lower and higher levels of individuals need to be involved to ensure that it is a fair assessment - The level does not matter; the team just needs to have one person per department involved
TEMPEST. TEMPEST was developed in the 1950s by the US government to address electromagnetic radiation being emitted from electrical equipment. Data can be captured via electrical signals and reconstructed, which threatens the confidentiality of sensitive data. What is the study and control of spurious electrical signals that are emitted by electrical equipment called? - IDS - Zones - White noise - TEMPEST
Testing. Testing is an example of an administrative control. Although it seems that testing could be a technical control, it is management's responsibility to ensure that proper testing takes place. Auditing is a technical control as it pertains to software collecting data about the events that take place within a system. All of the following are technical controls except? - Auditing - Testing - Network architecture - Encryption
Requires NAT. IP version 6, also called IP next generation (IPng), has an address space of 128 bits, auto-configuration (which makes administration easier), and IPsec integrated, but it does not require NAT. NAT was developed when IPv4 addresses were running out. The IPv6 address size could make NAT obsolete for the purpose of saving public addresses. Which of the following is not true of IPng? - Uses a 128-bit addressing space - IPSec is incorporated into the protocol - Requires NAT - Contains auto-configuration functionality
COBIT and COSO provide the “what is to be achieved,” but not the “how to achieve it." This is where the ITIL and ISO\IEC 27000 series come in. Where COBIT defines IT goals, ITIL provides the steps at the process level on how to achieve those goals.The reasons for the development of COBIT, COSO, and ITIL are clearly different. What is the difference between these frameworks? - COBIT and COSO provide the “what is to be achieved,” but not the “how to achieve it." - COBIT and COSO provide the “how to achieve it,” whereas ITIL provides the “what to achieve.” - COBIT and COSO deal with the financial controls, and ITIL deals with the IT controls. - ITIL deals with the financial controls, and COBIT and COSO deal with the IT controls.
Kernel flaw. Kernel flaws are vulnerabilities in the operating system kernel, below the user interface level. A flaw in the kernel that can be reached by an attacker and exploited gives an attacker the most powerful level of control over the system.Which commonly exploited vulnerability occurs below the level of the user interface, inside the core of the operating system? - Buffer overflow - Kernel flaw - File descriptor - Symbolic link
Provides system authentication. IPsec uses a message authentication code (MAC) function by calculating the Integrity Check Value (ICV) to provide data origin authentication. This means the receiving system knows what system sent the data. However, it does not mean that the actual user is authenticated, only the system that sent the information. If user authentication is required, credentials would need to be sent and verified, or a digital signature would need to be used. A symmetric key is not bound to an individual's identity as credentials and private keys are.Which of the following best describes a characteristic of IPsec? - Provides system authentication - Provides content filtering - Works as a proxy - Provides application layer protection
Criminal records. Criminal records are publicly available data under the General Data Protection Regulation (GDPR), which is consistent with the laws of most countries.All of the following are protected types of privacy data under the GDPR, except: - ID numbers - Health and genetic data - Political opinions - Criminal records
Session. The TCP/IP model is another model, like the OSI, that has been developed to modularize and try to explain conceptually where the different functions lie within a network stack. The TCP/IP model has only four layers: application, host-to-host, Internet, and network access. Sometimes the host-to-host layer is referred to as a transport layer.Which of the following is not a layer in the TCP/IP model? - Application - Session - Internet - Network access
Question: Short Java programs that run within a user's browser are called __________________.
- Malware
- Plugins
- Applets
- Sandboxes
Answer: Applets. Java applets are downloaded to a user's browser and converted from bytecode into machine-level code specific to that computer's CPU and platform. Applets have limited access to system resources because they are controlled within a virtual machine called a sandbox. Applets are now a historical technology: the Applet API was deprecated for removal in Java 17 (JEP 398), and current browsers no longer run them.
Question: The HAVAL algorithm performs what function?
- Hashing
- Key distribution
- Digital signature
- Encryption
Answer: Hashing. HAVAL is a single-purpose algorithm that performs one-way hashing. It creates a variable-length message digest (128, 160, 192, 224, or 256 bits, selected by the caller), whereas the other hashing algorithms named on this page (MD, SHA) each produce a fixed-size digest: the MD family creates a 128-bit message digest, SHA-1 creates a 160-bit digest, and the SHA-2 variants produce 224- to 512-bit digests. Practical collisions have been published for HAVAL-128, so it should not be chosen for new designs.
Question: Which type of encryption would be considered the more secure encryption method across a single link?
- End-to-end encryption
- Tunnel encryption
- Transport encryption
- Link encryption
Answer: Link encryption. Link encryption encrypts all data along a physical path between two endpoints: headers, trailers, data payload, and routing data are all encrypted, so an eavesdropper on that link learns nothing, not even the addresses, which defeats traffic analysis on the link. The trade-off is that every intermediate node must decrypt the traffic to read the headers and route it, so the data is in cleartext inside each node along the path; end-to-end encryption protects the payload across all hops but leaves headers visible.
Question: Which of the following does not need to be on the label for company backup tapes?
- Date of creation
- Author of documents
- Classification
- Retention period
Answer: Author of documents. Backup tape media should be labeled with the date of creation, the name of the creator, how long it is good for (retention period), classification, and volume name and version. The label should contain the name of the person who backed up the data, but not necessarily who wrote the data.
Question: The different classes of fires indicate what type of material is burning. The classes also require specific suppression agents. Which of the following is the best description of the Halon and FM-200 suppression agents?
- CO2
- A gas suppressant
- Water
- Soda acid
Answer: A gas suppressant. These gases interfere with the chemical reactions in a fire and act as effective suppressing agents for class B and C fires. Halon was used in fire extinguishers for years and still exists in some older units, but its production was phased out under the Montreal Protocol (in 1994 for developed countries) because it depletes the ozone layer, and at high concentrations it is also harmful to people. Several replacement agents, including FM-200, are just as effective on fires as Halon and are used in new units.
Question: Blue Boxing was used in what type of attack?
- Data diddling
- Salami
- Phone fraud
- Masquerading
Answer: Phone fraud. Blue boxing was the process of generating a frequency tone (the 2600 Hz in-band signaling tone of the analog long-distance network) that the telephone company's equipment interpreted as a valid switching command, which allowed attackers to gain free long-distance phone service. Phreakers built or purchased devices that produced this tone to place free long-distance calls.
Question: Which of the following is required for LAN- and WAN-centralized access control technologies?
- Single point of failure
- RADIUS and TACACS+
- System with database of authentication information
- Connection to ISP
Answer: System with database of authentication information. A centralized access control technology must have a database of user information and authentication information so that when users request access, their credentials can be properly checked. RADIUS and TACACS+ are examples of centralized access control technologies, but they are implementations of the idea, not the requirement itself.
Question: Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?
- A biometric system that bases authentication decisions on physical attributes
- An authentication system that creates one-time passwords that are encrypted with secret keys
- A biometric system that bases authentication decisions on behavioral attributes
- An authentication system that uses passphrases that are converted into virtual passwords
Answer: An authentication system that creates one-time passwords that are encrypted with secret keys. There are two main types of synchronized token one-time password generators: counter-based and time-based. If the token device and authentication service use counter synchronization, the user initiates the logon sequence on the computer and pushes a button on the token device. This causes the token device and the authentication service to each advance to the next counter value. That value and a shared base secret are hashed together (keyed, as in HMAC), and the result is displayed to the user as the one-time password. Because both sides keep their own counter, the service must tolerate the token having been pressed a few times without a logon, and must refuse any counter value it has already accepted.
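The counter-based scheme above, worked through as an added example (not code from the original page). It implements HOTP as specified in RFC 4226 (HMAC-SHA1 over an 8-byte counter, dynamic truncation, six digits) and a minimal authentication-service side that resynchronizes within a look-ahead window and refuses replays. The shared secret is the one from the RFC's published test vectors so the expected codes can be checked; the class name, window size and demo sequence are this example's own choices.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer, then reduction modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble of the last byte
    binary = ((mac[offset] & 0x7F) << 24
              | mac[offset + 1] << 16
              | mac[offset + 2] << 8
              | mac[offset + 3])
    return str(binary % (10 ** digits)).zfill(digits)


class CounterAuthServer:
    """Authentication-service side of a counter-synchronized token.

    Stores the shared secret and the next expected counter for one user.
    A submitted code is accepted only if it matches one of the next
    `look_ahead` counter values (the token may have been pressed without a
    logon attempt, so it can run ahead), and the server then advances its
    counter past the matched value so the same code can never be replayed.
    """

    def __init__(self, secret: bytes, look_ahead: int = 5) -> None:
        self.secret = secret
        self.next_counter = 0
        self.look_ahead = look_ahead

    def verify(self, submitted: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.look_ahead):
            # Constant-time compare so the check does not leak matching prefixes.
            if hmac.compare_digest(hotp(self.secret, c), submitted):
                self.next_counter = c + 1     # resynchronize and burn the value
                return True
        return False


# Shared secret from the RFC 4226 test vectors (Appendix D), used here because
# its expected codes are published; a real token would hold a random secret.
RFC4226_SECRET = b"12345678901234567890"


def demo() -> list:
    """Walk through token presses and logon attempts; returns the accept/reject log."""
    server = CounterAuthServer(RFC4226_SECRET)
    log = []
    log.append(server.verify(hotp(RFC4226_SECRET, 0)))  # first press: accepted
    log.append(server.verify(hotp(RFC4226_SECRET, 0)))  # replay of the same code: rejected
    log.append(server.verify(hotp(RFC4226_SECRET, 3)))  # pressed twice without logging on: resync
    log.append(server.verify(hotp(RFC4226_SECRET, 2)))  # older value after resync: rejected
    log.append(server.verify(hotp(RFC4226_SECRET, 9)))  # beyond the look-ahead window: rejected
    return log


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC4226_SECRET, c))
    print(demo())
```

The look-ahead window is the usual trade-off: larger windows mean fewer helpdesk resyncs but more valid codes at any moment for a guesser, so production services also throttle failed attempts per account.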
Question: What is a cleanroom?
- An approach built on formal development and testing procedures
- An approach that runs at maximum efficiency by incorporating job rotation among team members
- A classic approach that ensures each phase of development flows from one to the next
- An approach that guarantees quick analysis by providing a “proof of concept”
Answer: An approach built on formal development and testing procedures. The cleanroom development model is used to create critical applications. Strict testing procedures are followed throughout this approach to ensure that no mistakes are made. This model is used to provide a very high-quality product.
Question: Ron and Kathy work in two different departments and perform two different job functions. However, both utilize the same database for their jobs. When Ron opens his database, he sees four pages of input fields, while Kathy only sees two pages. What type of security protection has been implemented in their database?
- Views
- Data warehousing
- Perturbation
- Checkpointing
Answer: Views. Database views are a common method of hiding information from people who do not have a need to know specific types of data. In this example, both Ron and Kathy are accessing the same system, but they only have views of the fields that relate to their job functions.
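An added example of the view-based restriction described above (not code from the original page), using Python's built-in sqlite3 module so it runs offline. The employee table, its rows and the three roles are constructed for the example; it shows a column-only restriction, a different column restriction for another role, and a combined row-and-column restriction, and confirms that a column the view does not project cannot be selected through it.

```python
import sqlite3

# Constructed sample schema and rows (not from the flashcard); the SSN and
# rating columns stand in for data most roles must never see.
SCHEMA = """
CREATE TABLE employees (
    id     INTEGER PRIMARY KEY,
    name   TEXT NOT NULL,
    dept   TEXT NOT NULL,
    phone  TEXT,
    salary INTEGER,
    ssn    TEXT,
    rating INTEGER
);
INSERT INTO employees VALUES
    (1, 'Ron',   'Finance', '555-0101', 90000, '111-22-3333', 4),
    (2, 'Kathy', 'Sales',   '555-0102', 70000, '444-55-6666', 5),
    (3, 'Lee',   'Sales',   '555-0103', 65000, '777-88-9999', 3);

-- Column restriction: a directory role sees contact data only.
CREATE VIEW directory_v AS
    SELECT id, name, dept, phone FROM employees;

-- A different need to know: payroll sees salary, never the SSN.
CREATE VIEW payroll_v AS
    SELECT id, name, dept, salary FROM employees;

-- Row AND column restriction: a sales manager sees ratings for Sales staff only.
CREATE VIEW sales_ratings_v AS
    SELECT id, name, rating FROM employees WHERE dept = 'Sales';
"""


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def visible_columns(conn: sqlite3.Connection, view: str) -> list:
    """Column names a user of `view` can see (the view's projection, not the table's)."""
    # `view` is one of this example's fixed identifiers, never user input.
    cur = conn.execute(f"SELECT * FROM {view} LIMIT 0")
    return [col[0] for col in cur.description]


def column_is_hidden(conn: sqlite3.Connection, view: str, column: str) -> bool:
    """True if selecting `column` through `view` fails, i.e. the view withholds it."""
    try:
        conn.execute(f"SELECT {column} FROM {view}")
        return False
    except sqlite3.OperationalError:
        return True


def rows(conn: sqlite3.Connection, view: str) -> list:
    return conn.execute(f"SELECT * FROM {view} ORDER BY id").fetchall()


if __name__ == "__main__":
    db = build_db()
    for v in ("directory_v", "payroll_v", "sales_ratings_v"):
        print(v, visible_columns(db, v), rows(db, v))
```

In a multi-user DBMS the view is only half of the control: each role is granted SELECT on its view and denied access to the base table, otherwise the view is a convenience rather than a restriction. SQLite has no GRANT, so this example demonstrates only the projection and row filtering.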
Question: Worms are different from viruses because they are _______.
- In the wild
- Not considered malware
- Rely on an event to occur
- Self-contained
Answer: Self-contained. Worms are self-contained programs, meaning they can operate independently. Viruses, on the other hand, require some type of host application for reproduction. Worms reproduce by themselves while residing on a victim's computer.
Question: Which one of the following security controls doesn't belong with the other three?
- Host-based intrusion detection system
- Photoelectric system
- Acoustical-seismic detection system
- Passive infrared system
Answer: Host-based intrusion detection system. A host-based intrusion detection system doesn't belong with this group of physical intrusion detection controls. It pertains to an individual computer, not to detecting unauthorized people who may try to enter a facility.
Question: El Gamal has which of the following characteristics?
- A symmetric algorithm
- A hashing algorithm
- A message authentication code algorithm
- A public key algorithm
Answer: A public key algorithm. El Gamal is an asymmetric algorithm, which is also called a public key algorithm. It can be used for digital signatures, encryption, and key exchange. It is not based on the difficulty of factoring large numbers, but on the difficulty of calculating discrete logarithms in a finite field.
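The encryption use of El Gamal and its discrete-logarithm basis, as an added example (not code from the original page). Key generation, encryption and decryption follow the textbook scheme over a multiplicative group mod a prime; the group here is a toy safe prime p = 1019 chosen for this example so that the brute-force discrete-logarithm solver at the end actually finishes, which is exactly what real group sizes (2048 bits and up) are meant to prevent. The optional `k` parameter exists only so a test can be deterministic; in use it must be fresh and random for every message.

```python
import secrets

# Toy group, constructed for illustration only: safe prime p = 2q + 1 with
# p = 1019, q = 509. Real deployments use groups of 2048 bits or more; the
# brute-force solver below is exactly what that size makes infeasible.
P = 1019
Q = 509


def find_generator(p: int, q: int) -> int:
    """For a safe prime p = 2q + 1, g generates the whole group of order 2q
    if and only if g^2 != 1 and g^q != 1 (mod p)."""
    for g in range(2, p):
        if pow(g, 2, p) != 1 and pow(g, q, p) != 1:
            return g
    raise ValueError("no generator found")


def keygen(p: int, g: int) -> tuple:
    """Private key x, public key y = g^x mod p."""
    x = secrets.randbelow(p - 2) + 1          # x in [1, p-2]
    return x, pow(g, x, p)


def encrypt(m: int, p: int, g: int, y: int, k: int = None) -> tuple:
    """Ciphertext (c1, c2) = (g^k, m * y^k) mod p. k must be fresh and random
    for every message; it is a parameter here only so tests can be deterministic."""
    if not 1 <= m < p:
        raise ValueError("message must be an integer in [1, p-1]")
    if k is None:
        k = secrets.randbelow(p - 2) + 1
    return pow(g, k, p), (m * pow(y, k, p)) % p


def decrypt(c1: int, c2: int, p: int, x: int) -> int:
    """Recover m = c2 * (c1^x)^-1 mod p; the inverse uses Fermat's little theorem."""
    s = pow(c1, x, p)                          # shared secret y^k = g^(xk)
    return (c2 * pow(s, p - 2, p)) % p


def brute_force_dlog(g: int, y: int, p: int) -> int:
    """Solve g^x = y (mod p) by exhaustive search. Feasible only because p is tiny;
    the security of El Gamal rests on this being infeasible for real group sizes."""
    acc = 1
    for x in range(p - 1):
        if acc == y:
            return x
        acc = (acc * g) % p
    raise ValueError("no logarithm found")


if __name__ == "__main__":
    g = find_generator(P, Q)
    x, y = keygen(P, g)
    c1, c2 = encrypt(42, P, g, y)
    print("g =", g, "x =", x, "y =", y, "ciphertext =", (c1, c2))
    print("decrypted:", decrypt(c1, c2, P, x), "recovered x:", brute_force_dlog(g, y, P))
```

Two points the code makes visible: the ciphertext is twice the size of the message (c1 carries the per-message randomness), and the private key falls out of the public key the moment the discrete logarithm is computable, so parameter size is the whole security argument.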
Question: Trunk lines are used in which of the following scenarios?
- Remote office ISDN wiring for an employee
- Communication between two switches at a central office
- Internal wiring in a Token Ring architecture
- Communication between terminals for different classes of traffic
Answer: Communication between two switches at a central office. Trunks are used to connect multiple switches for traffic of the same class. The best example of a trunk is the communication channel between two voice switches at a local phone company’s central office. The other answers refer to links or lines that connect endpoints to a larger network.
Question: In application development, good separation-of-duties practice states that the developer should not do what?
- Change production code
- Request management approval of a code change before developing the change
- Perform unit tests
- Pass the code to quality assurance and then to the librarian prior to its entry into production
Answer: Change production code. Production code should not be modified by developers in any way. Doing so bypasses proper change control, can break other components in production, and disrupts the standardization of code across the production environment.
Question: Which of the following is the electronic model based on the neural structure of the brain?
- Expert system
- ANN
- Knowledge-based systems
- Inference engine
Answer: ANN. An artificial neural network (ANN) is a computing model that mimics the functionality of the brain. It has units that mimic neurons and that attempt to simulate thought so that it can learn from different experiences. The more the ANN can learn, the better the results it can present to the users of the system.
Question: How are smart cards and memory cards functionally different?
- Memory cards process information while smart cards can store information but not process it
- Memory cards can store, but do not process, information while smart cards can process information
- Memory cards and smart cards store and process information but do so in different ways
- Memory cards use integrated circuits and a processor
Answer: Memory cards can store, but do not process, information while smart cards can process information. Smart cards have microprocessors and integrated circuits.
Question: Jacob is a network engineer and needs to ensure that each critical network device that is configured with an IPv6 address can communicate with other devices using IPv6 addresses, even if their traffic has to traverse IPv4 networks. Which of the following best describes what Jacob should configure for this need?
- IPv4 forwarding
- 6to4
- IPv6 routing
- IP submasking
Answer: 6to4. 6to4 (RFC 3056) is a transition mechanism for migrating from IPv4 to IPv6. It allows two systems using IPv6 to communicate when their traffic has to traverse an IPv4 network: each site derives a 2002:WWXX:YYZZ::/48 prefix from its public IPv4 address W.X.Y.Z, and IPv6 packets are encapsulated in IPv4 (protocol 41) and tunneled to the IPv4 address embedded in the destination's prefix, or to a relay router for non-6to4 destinations. Because the public relays proved unreliable, the 6to4 anycast relay prefix was deprecated by RFC 7526, and native dual-stack connectivity is preferred where available.
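The address mapping that makes 6to4 work, as an added example (not code from the original page). It derives a site's 2002::/48 prefix from its public IPv4 address, builds a host address inside it, and performs the inverse mapping a relay or peer uses to find the IPv4 tunnel endpoint for a 6to4 destination. The IPv4 address 203.0.113.1 is from the documentation range and is constructed for this example; the non-routable check covers RFC 1918, loopback, link-local and shared-address-space ranges only.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")      # RFC 3056 prefix

# Ranges that are not globally routable and so cannot anchor a 6to4 prefix
# (the IPv4 side must be reachable across the IPv4 network being crossed).
_NOT_ROUTABLE = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",  # loopback, link-local, CGNAT
)]


def to_6to4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Derive the site's /48 6to4 prefix 2002:WWXX:YYZZ::/48 from its public IPv4
    address W.X.Y.Z: the 32 address bits are placed directly after 2002:."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in net for net in _NOT_ROUTABLE):
        raise ValueError(f"{ipv4} is not globally routable; 6to4 cannot use it")
    prefix_int = int(SIX_TO_FOUR.network_address) | (int(v4) << 80)
    return ipaddress.IPv6Network((prefix_int, 48))


def is_6to4(ipv6: str) -> bool:
    return ipaddress.IPv6Address(ipv6) in SIX_TO_FOUR


def embedded_ipv4(ipv6: str) -> str:
    """Inverse mapping: the IPv4 address a relay or peer must tunnel to (protocol 41)
    for a given 6to4 destination, read back from bits 16-47 of the address."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIX_TO_FOUR:
        raise ValueError(f"{ipv6} is not a 6to4 address")
    return str(ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF))


def host_address(ipv4: str, subnet: int, iid: int) -> str:
    """A full host address in the derived /48: 2002:WWXX:YYZZ:<subnet>::<iid>."""
    prefix = to_6to4_prefix(ipv4)
    return str(ipaddress.IPv6Address(int(prefix.network_address) | (subnet << 64) | iid))


if __name__ == "__main__":
    # 203.0.113.1 is from the documentation range, constructed for this example.
    p = to_6to4_prefix("203.0.113.1")
    h = host_address("203.0.113.1", 1, 0x1)
    print(p, h, embedded_ipv4(h), is_6to4("2001:db8::1"))
```

The security-relevant consequence of this mapping is that a 6to4 address advertises the site's public IPv4 address to every IPv6 peer, and the tunnel itself has no authentication: anything that can send protocol-41 packets to that IPv4 address can inject IPv6 traffic, which is one reason border filters on protocol 41 and on 2002::/16 are common.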
Question: Which of the following does not cause signal attenuation?
- Asynchronous signals
- Cable malfunctions
- Cable breaks
- Length of the cable
Answer: Asynchronous signals. Cable malfunctions, cable breaks, and the length of the cable directly correlate with the weakening of a signal, which is attenuation. Whether the signal is synchronous or asynchronous is a framing and timing matter and has no effect on signal strength.
Question: For which of the following audiences are organizational security training programs created?
- Management, staff, and customers
- Technical employees, staff, and customers
- Management, staff, and technical employees
- Customers, contractors, and staff
Answer: Management, staff, and technical employees. Organizational security training programs are created and targeted at three specific audiences: managers, staff members, and technical employees. Each group receives the type of awareness training that best fits its responsibilities and roles within the organization. While an organization may also optionally provide training to contractors and customers, this is not typically part of the core security awareness and training the organization requires.
Question: Security labels are used in what type of model?
- Role-based access control model
- Mandatory access control model
- Discretionary access control model
- Military access control model
Answer: Mandatory access control model. Mandatory access control (MAC) models use security labels to hold the classification information assigned to objects. If a user wants to access an object, she must have an equal or greater level of clearance. Although military organizations commonly use security labels, the answer "military access control model" does not really exist.