  • Exam Name: Systems Security Certified Practitioner
  • Last Update: Dec 7, 2024
  • Questions and Answers: 1074
SSCP Practice Exam Questions with Answers Systems Security Certified Practitioner Certification

Question # 6

Which of the following are WELL KNOWN PORTS assigned by the IANA?

A. Ports 0 to 255
B. Ports 0 to 1024
C. Ports 0 to 1023
D. Ports 0 to 127

Question # 7

A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern in the context of what your Disaster Recovery Plan would include?

A. Marketing/Public relations
B. Data/Telecomm/IS facilities
C. IS Operations
D. Facilities security

Question # 8

Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model?

A. Bridge
B. Repeater
C. Router
D. Gateway

Question # 9

What is the name of an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests?

A. Ping of death attack
B. SYN attack
C. Smurf attack
D. Buffer overflow attack

Question # 10

Which of the following LAN topologies offers the highest availability?

A. Bus topology
B. Tree topology
C. Full mesh topology
D. Partial mesh topology

Question # 11

Which of the following is a token-passing scheme like token ring that also has a second ring that remains dormant until an error condition is detected on the primary ring?

A. Fiber Distributed Data Interface (FDDI)
B. Ethernet
C. Fast Ethernet
D. Broadband

Question # 12

How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE?

A. 6 bits
B. 12 bits
C. 16 bits
D. 24 bits

Question # 13

Proxies work by transferring a copy of each accepted data packet from one network to another, thereby masking the:

A. data's payload
B. data's details
C. data's owner
D. data's origin

Question # 14

FTP, TFTP, SNMP, and SMTP are provided at what level of the Open Systems Interconnect (OSI) Reference Model?

A. Application
B. Network
C. Presentation
D. Transport

Question # 15

What is the greatest danger from DHCP?

A. An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients.
B. Having multiple clients on the same LAN having the same IP address.
C. Having the wrong router used as the default gateway.
D. Having the organization's mail server unreachable.

Question # 16

The standard server port number for HTTP is which of the following?

A. 81
B. 80
C. 8080
D. 8180

Question # 17

What is the main characteristic of a multi-homed host?

A. It is placed between two routers or firewalls.
B. It allows IP routing.
C. It has multiple network interfaces, each connected to separate networks.
D. It operates at multiple layers.

Question # 18

Which layer of the DoD TCP/IP model controls the communication flow between hosts?

A. Internet layer
B. Host-to-host transport layer
C. Application layer
D. Network access layer

Question # 19

Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks?

A. Monitoring and auditing for such activity
B. Require user authentication
C. Making sure only necessary phone numbers are made public
D. Using completely different numbers for voice and data access

Question # 20

Which OSI/ISO layer does a SOCKS server operate at?

A. Session layer
B. Transport layer
C. Network layer
D. Data link layer

Question # 21

Which of the following would be used to detect and correct errors so that integrity and confidentiality of transactions over networks may be maintained while preventing unauthorized interception of the traffic?

A. Information security
B. Server security
C. Client security
D. Communications security

Question # 22

What is a decrease in amplitude as a signal propagates along a transmission medium best known as?

A. Crosstalk
B. Noise
C. Delay distortion
D. Attenuation

Question # 23

Which of the following media is MOST resistant to EMI interference?

A. microwave
B. fiber optic
C. twisted pair
D. coaxial cable

Question # 24

What is the MOST critical piece to disaster recovery and continuity planning?

A. Security policy
B. Management support
C. Availability of backup information processing facilities
D. Staff training

Question # 25

Secure Shell (SSH) is a strong method of performing:

A. client authentication
B. server authentication
C. host authentication
D. guest authentication

Question # 26

Which backup method only copies files that have been recently added or changed and also leaves the archive bit unchanged?

A. Full backup method
B. Incremental backup method
C. Fast backup method
D. Differential backup method

Question # 27

Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)?

A. Host-to-host layer
B. Internet layer
C. Network access layer
D. Session layer

Question # 28

Which of the following is an advantage that UDP has over TCP?

A. UDP is connection-oriented whereas TCP is not.
B. UDP is more reliable than TCP.
C. UDP is faster than TCP.
D. UDP makes a better effort to deliver packets.

Question # 29

Which of the following mechanisms was created to overcome the problem of collisions that occur on wired networks when traffic is simultaneously transmitted from different nodes?

A. Carrier sense multiple access with collision avoidance (CSMA/CA)
B. Carrier sense multiple access with collision detection (CSMA/CD)
C. Polling
D. Token-passing

Question # 30

Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system?

A. TCP sequence number attack
B. IP spoofing attack
C. Piggybacking attack
D. Teardrop attack

Question # 31

The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called:

A. alteration
B. investigation
C. entrapment
D. enticement

Question # 32

After a company is out of an emergency state, what should be moved back to the original site first?

A. Executives
B. Least critical components
C. IT support staff
D. Most critical components

Question # 33

Which one of the following represents an ALE calculation?

A. single loss expectancy x annualized rate of occurrence
B. gross loss expectancy x loss frequency
C. actual replacement cost - proceeds of salvage
D. asset value x loss expectancy

Question # 34

Controls are implemented to:

A. eliminate risk and reduce the potential for loss
B. mitigate risk and eliminate the potential for loss
C. mitigate risk and reduce the potential for loss
D. eliminate risk and eliminate the potential for loss

Question # 35

What is the name of an event or activity that has the potential to cause harm to the information systems or networks?

A. Vulnerability
B. Threat agent
C. Weakness
D. Threat

Question # 36

What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?

A. Remote journaling
B. Electronic vaulting
C. Data clustering
D. Database shadowing

Question # 37

A momentary power outage is a:

A. spike
B. blackout
C. surge
D. fault

Question # 38

During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable?

A. Measurement of accuracy
B. Elapsed time for completion of critical tasks
C. Quantitatively measuring the results of the test
D. Evaluation of the observed test results

Question # 39

Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup?

A. differential backup method
B. full backup method
C. incremental backup method
D. tape backup method

Question # 40

What is the highest amount a company should spend annually on countermeasures for protecting an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 30%?

A. $300,000
B. $150,000
C. $60,000
D. $1,500

Question # 41

This type of supporting evidence is used to help prove an idea or a point; however, it cannot stand on its own, and is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence?

A. Circumstantial evidence
B. Corroborative evidence
C. Opinion evidence
D. Secondary evidence

Question # 42

The absence of a safeguard, or a weakness in a system that may possibly be exploited, is called a(n)?

A. Threat
B. Exposure
C. Vulnerability
D. Risk

Question # 43

Which of the following virus types changes some of its characteristics as it spreads?

A. Boot Sector
B. Parasitic
C. Stealth
D. Polymorphic

Question # 44

What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?

A. Data fiddling
B. Data diddling
C. Salami techniques
D. Trojan horses

Question # 45

When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault-tolerance and redundancy, it is known as?

A. Shadowing
B. Data mirroring
C. Backup
D. Archiving

Question # 46

The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers?

A. Black hats
B. White hats
C. Script kiddies
D. Phreakers

Question # 47

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?

A. Stealth viruses
B. Polymorphic viruses
C. Trojan horses
D. Logic bombs

Question # 48

What do the ILOVEYOU and Melissa virus attacks have in common?

A. They are both denial-of-service (DOS) attacks.
B. They have nothing in common.
C. They are both masquerading attacks.
D. They are both social engineering attacks.

Question # 49

In computing, what is the name of a non-self-replicating type of malware program that appears to have some useful purpose but also contains embedded code with a malicious or harmful purpose, and which, when executed, carries out actions unknown to the person installing it, typically causing loss or theft of data and possible system harm?

A. virus
B. worm
C. Trojan horse
D. trapdoor

Question # 50

Java is not:

A. Object-oriented
B. Distributed
C. Architecture Specific
D. Multithreaded

Question # 51

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

A. Web Applications
B. Intrusion Detection Systems
C. Firewalls
D. DNS Servers

Question # 52

Which of the following is most likely to be useful in detecting intrusions?

A. Access control lists
B. Security labels
C. Audit trails
D. Information security policies

Question # 53

In order to enable users to perform tasks and duties without having to go through extra steps, it is important that the security controls and mechanisms that are in place have a degree of?

A. Complexity
B. Non-transparency
C. Transparency
D. Simplicity

Question # 54

Why would anomaly detection IDSs often generate a large number of false positives?

A. Because they can only correctly identify attacks they already know about.
B. Because they are application-based and are more subject to attacks.
C. Because they can't identify abnormal behavior.
D. Because normal patterns of user and system behavior can vary wildly.

Question # 55

Attributes that characterize an attack are stored for reference by which of the following Intrusion Detection Systems (IDS)?

A. signature-based IDS
B. statistical anomaly-based IDS
C. event-based IDS
D. inferent-based IDS

Question # 56

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:

A. through access control mechanisms that require identification and authentication and through the audit function.
B. through logical or technical controls involving the restriction of access to systems and the protection of information.
C. through logical or technical controls but not involving the restriction of access to systems and the protection of information.
D. through access control mechanisms that do not require identification and authentication and do not operate through the audit function.

Question # 57

Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods. Which of the two basic methods is more prone to false positives?

A. Pattern Matching (also called signature analysis)
B. Anomaly Detection
C. Host-based intrusion detection
D. Network-based intrusion detection

Question # 58

What setup should an administrator use for regularly testing the strength of user passwords?

A. A networked workstation so that the live password database can easily be accessed by the cracking program.
B. A networked workstation so the password database can easily be copied locally and processed by the cracking program.
C. A standalone workstation on which the password database is copied and processed by the cracking program.
D. A password-cracking program is unethical; therefore it should not be used.

Question # 59

Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?

A. Statistical Anomaly-Based ID
B. Signature-Based ID
C. dynamical anomaly-based ID
D. inferential anomaly-based ID

Question # 60

Network-based Intrusion Detection systems:

A. Commonly reside on a discrete network segment and monitor the traffic on that network segment.
B. Commonly will not reside on a discrete network segment and monitor the traffic on that network segment.
C. Commonly reside on a discrete network segment and do not monitor the traffic on that network segment.
D. Commonly reside on a host and monitor the traffic on that specific host.

Question # 61

Which of the following would be LESS likely to prevent an employee from reporting an incident?

A. They are afraid of being pulled into something they don't want to be involved with.
B. The process of reporting incidents is centralized.
C. They are afraid of being accused of something they didn't do.
D. They are unaware of the company's security policies and procedures.

Question # 62

Which of the following would assist the most in Host Based intrusion detection?

A. audit trails
B. access control lists
C. security clearances
D. host-based authentication

Question # 63

Knowledge-based Intrusion Detection Systems (IDS) are more common than:

A. Network-based IDS
B. Host-based IDS
C. Behavior-based IDS
D. Application-Based IDS

Question # 64

What is the essential difference between a self-audit and an independent audit?

A. Tools used
B. Results
C. Objectivity
D. Competence

Question # 65

If an organization were to monitor their employees' e-mail, it should not:

A. Monitor only a limited number of employees.
B. Inform all employees that e-mail is being monitored.
C. Explain who can read the e-mail and how long it is backed up.
D. Explain what is considered an acceptable use of the e-mail system.

Question # 66

Which conceptual approach to intrusion detection system is the most common?

A. Behavior-based intrusion detection
B. Knowledge-based intrusion detection
C. Statistical anomaly-based intrusion detection
D. Host-based intrusion detection

Question # 67

What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?

A. Accountability controls
B. Mandatory access controls
C. Assurance procedures
D. Administrative controls

Question # 68

In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process?

A. Using a write blocker
B. Made a full-disk image
C. Created a message digest for log files
D. Displayed the contents of a folder

Question # 69

Most access violations are:

A. Accidental
B. Caused by internal hackers
C. Caused by external hackers
D. Related to Internet

Question # 70

The IP header contains a protocol field. If this field contains the value of 51, what type of data is contained within the IP datagram?

A. Transmission Control Protocol (TCP)
B. Authentication Header (AH)
C. User datagram protocol (UDP)
D. Internet Control Message Protocol (ICMP)

Question # 71

Which of the following is defined as the most recent point in time to which data must be synchronized without adversely affecting the organization (financial or operational impacts)?

A. Recovery Point Objective
B. Recovery Time Objective
C. Point of Time Objective
D. Critical Time Objective

Question # 72

All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would not be considered an essential element of the BIA, but rather an important TOPIC to include within the BCP plan?

A. IT Network Support
B. Accounting
C. Public Relations
D. Purchasing

Question # 73

What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the case where a company employs 100 data entry clerks and every one of them makes one input error each month?

A. 100
B. 120
C. 1
D. 1200

Question # 74

The RSA Algorithm uses which mathematical concept as the basis of its encryption?

A. Geometry
B. 16-round ciphers
C. PI (3.14159...)
D. Two large prime numbers

Question # 75

Which of the following algorithms is a stream cipher?

A. RC2
B. RC4
C. RC5
D. RC6

Question # 76

Who should measure the effectiveness of Information System security related controls in an organization?

A. The local security specialist
B. The business manager
C. The systems auditor
D. The central security manager

Question # 77

Which of the following types of Intrusion Detection Systems uses behavioral characteristics of a system's operation or network traffic to draw conclusions on whether the traffic represents a risk to the network or host?

A. Network-based ID systems
B. Anomaly Detection
C. Host-based ID systems
D. Signature Analysis

Question # 78

Which one of the following statements about the advantages and disadvantages of network-based Intrusion detection systems is true?

A. Network-based IDSs are not vulnerable to attacks.
B. Network-based IDSs are well suited for modern switch-based networks.
C. Most network-based IDSs can automatically indicate whether or not an attack was successful.
D. The deployment of network-based IDSs has little impact upon an existing network.

Question # 79

A timely review of system access audit records would be an example of which of the basic security functions?

A. avoidance
B. deterrence
C. prevention
D. detection

Question # 80

How often should a Business Continuity Plan be reviewed?

A. At least once a month
B. At least every six months
C. At least once a year
D. At least Quarterly

Question # 81

Which of the following is needed for System Accountability?

A. Audit mechanisms
B. Documented design as laid out in the Common Criteria
C. Authorization
D. Formal verification of system design

Question # 82

Which of the following Intrusion Detection Systems (IDS) uses a database of attacks and known system vulnerabilities, monitors current attempts to exploit those vulnerabilities, and then triggers an alarm if an attempt is found?

A. Knowledge-Based ID System
B. Application-Based ID System
C. Host-Based ID System
D. Network-Based ID System

Question # 83

Which of the following is a disadvantage of a statistical anomaly-based intrusion detection system?

A. it may truly detect a non-attack event that had caused a momentary anomaly in the system.
B. it may falsely detect a non-attack event that had caused a momentary anomaly in the system.
C. it may correctly detect a non-attack event that had caused a momentary anomaly in the system.
D. it may loosely detect a non-attack event that had caused a momentary anomaly in the system.

Question # 84

Which of the following are the two MOST common implementations of Intrusion Detection Systems?

A. Server-based and Host-based
B. Network-based and Guest-based
C. Network-based and Client-based
D. Network-based and Host-based

Question # 85

Which of the following is not a preventive operational control?

A. Protecting laptops, personal computers and workstations.
B. Controlling software viruses.
C. Controlling data media access and disposal.
D. Conducting security awareness and technical training.

Question # 86

Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?

A. Intrusion Detection System
B. Compliance Validation System
C. Intrusion Management System (IMS)
D. Compliance Monitoring System

Question # 87

Who is responsible for providing reports to the senior management on the effectiveness of the security controls?

A. Information systems security professionals
B. Data owners
C. Data custodians
D. Information systems auditors

Question # 88

Which of the following questions is least likely to help in assessing controls covering audit trails?

A. Does the audit trail provide a trace of user actions?
B. Are incidents monitored and tracked until resolved?
C. Is access to online logs strictly controlled?
D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?

Question # 89

Which of the following would NOT violate the Due Diligence concept?

A. Security policy being outdated
B. Data owners not laying out the foundation of data protection
C. Network administrator not taking mandatory two-week vacation as planned
D. Latest security patches for servers being installed as per the Patch Management process

Question # 90

PGP uses which of the following to encrypt data?

A. An asymmetric encryption algorithm
B. A symmetric encryption algorithm
C. A symmetric key distribution system
D. An X.509 digital certificate

Question # 91

Which of the following teams should NOT be included in an organization's contingency plan?

A. Damage assessment team
B. Hardware salvage team
C. Tiger team
D. Legal affairs team

Question # 92

Which of the following steps should be one of the first steps performed in a Business Impact Analysis (BIA)?

A. Identify all CRITICAL business units within the organization.
B. Evaluate the impact of disruptive events.
C. Estimate the Recovery Time Objectives (RTO).
D. Identify and Prioritize Critical Organization Functions.

Question # 93

Computer security should be first and foremost which of the following:

A. Cover all identified risks.
B. Be cost-effective.
C. Be examined in both monetary and non-monetary terms.
D. Be proportionate to the value of IT systems.

Question # 94

To be admissible in court, computer evidence must be which of the following?

A. Relevant
B. Decrypted
C. Edited
D. Incriminating

Question # 95

Which of the following statements pertaining to ethical hacking is incorrect?

A. An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services.
B. Testing should be done remotely to simulate external threats.
C. Ethical hacking should not involve writing to or modifying the target systems negatively.
D. Ethical hackers never use tools that have the potential of affecting servers or services.

Question # 96

What is the PRIMARY goal of incident handling?

A. Successfully retrieve all evidence that can be used to prosecute.
B. Improve the company's ability to be prepared for threats and disasters.
C. Improve the company's disaster recovery plan.
D. Contain and repair any damage caused by an event.

Question # 97

For which areas of the enterprise are business continuity plans required?

A. All areas of the enterprise.
B. The financial and information processing areas of the enterprise.
C. The operating areas of the enterprise.
D. The marketing, finance, and information processing areas.

Question # 98

A momentary low voltage, from 1 cycle to a few seconds, is a:

A. spike
B. blackout
C. sag
D. fault

Question # 99

Which of the following computer recovery sites is only partially equipped with processing equipment?

A. hot site
B. rolling hot site
C. warm site
D. cold site

Question # 100

What can be described as a measure of the magnitude of loss or impact on the value of an asset?

A. Probability
B. Exposure factor
C. Vulnerability
D. Threat

Question # 101

Which disaster recovery plan test involves functional representatives meeting to review the plan in detail?

A. Simulation test
B. Checklist test
C. Parallel test
D. Structured walk-through test

Question # 102

Which of the following best defines a Computer Security Incident Response Team (CSIRT)?

A. An organization that provides a secure channel for receiving reports about suspected security incidents.
B. An organization that ensures that security incidents are reported to the authorities.
C. An organization that coordinates and supports the response to security incidents.
D. An organization that disseminates incident-related information to its constituency and other involved parties.

Question # 103

Prior to a live disaster test, also called a Full Interruption test, which of the following is most important?

A. Restore all files in preparation for the test.
B. Document expected findings.
C. Arrange physical security for the test site.
D. Conduct of a successful Parallel Test.

Question # 104

Which of the following is NOT a common backup method?

A. Full backup method
B. Daily backup method
C. Incremental backup method
D. Differential backup method

Question # 105

Which backup method usually resets the archive bit on the files after they have been backed up?

A. Incremental backup method
B. Differential backup method
C. Partial backup method
D. Tape backup method

Question # 106

Risk mitigation and risk reduction controls for providing information security are classified within three main categories, which of the following are being used?

A.

preventive, corrective, and administrative

B.

detective, corrective, and physical

C.

Physical, technical, and administrative

D.

Administrative, operational, and logical

Full Access
Question # 107

A momentary high voltage is a:

A.

spike

B.

blackout

C.

surge

D.

fault

Full Access
Question # 108

Which of the following specifically addresses cyber attacks against an organization's IT systems?

A.

Continuity of support plan

B.

Business continuity plan

C.

Incident response plan

D.

Continuity of operations plan

Full Access
Question # 109

Which of the following questions is less likely to help in assessing an organization's contingency planning controls?

A.

Is damaged media stored and/or destroyed?

B.

Are the backup storage site and alternate site geographically far enough from the primary site?

C.

Is there an up-to-date copy of the plan stored securely off-site?

D.

Is the location of stored backups identified?

Full Access
Question # 110

Which of the following categories of hackers poses the greatest threat?

A.

Disgruntled employees

B.

Student hackers

C.

Criminal hackers

D.

Corporate spies

Full Access
Question # 111

Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing?

A.

System development activity

B.

Help-desk function

C.

System Imaging

D.

Risk management process

Full Access
Question # 112

Contracts and agreements are often times unenforceable or hard to enforce in which of the following alternate facility recovery agreement?

A.

hot site

B.

warm site

C.

cold site

D.

reciprocal agreement

Full Access
Question # 113

Which of the following statements do not apply to a hot site?

A.

It is expensive.

B.

There are cases of common overselling of processing capabilities by the service provider.

C.

It provides a false sense of security.

D.

It is accessible on a first come first serve basis. In case of large disaster it might not be accessible.

Full Access
Question # 114

Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?

A.

OAKLEY

B.

Internet Security Association and Key Management Protocol (ISAKMP)

C.

Simple Key-management for Internet Protocols (SKIP)

D.

IPsec Key exchange (IKE)

Full Access
Question # 115

Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission?

A.

Secure Electronic Transaction (SET)

B.

Message Authentication Code (MAC)

C.

Cyclic Redundancy Check (CRC)

D.

Secure Hash Standard (SHS)

Question # 116

Which of the following is NOT a property of the Rijndael block cipher algorithm?

A.

The key sizes must be a multiple of 32 bits

B.

Maximum block size is 256 bits

C.

Maximum key size is 512 bits

D.

The key size does not have to match the block size

Question # 117

A public key algorithm that does both encryption and digital signature is which of the following?

A.

RSA

B.

DES

C.

IDEA

D.

Diffie-Hellman

Question # 118

Which encryption algorithm is BEST suited for communication with handheld wireless devices?

A.

ECC (Elliptic Curve Cryptosystem)

B.

RSA

C.

SHA

D.

RC4

Question # 119

What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity?

A.

A digital envelope

B.

A cryptographic hash

C.

A Message Authentication Code

D.

A digital signature

Question # 120

Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?

A.

Use of public key encryption to secure a secret key, and message encryption using the secret key.

B.

Use of the recipient's public key for encryption and decryption based on the recipient's private key.

C.

Use of software encryption assisted by a hardware encryption accelerator.

D.

Use of elliptic curve encryption.

Question # 121

What enables users to validate each other's certificates when they are certified under different certification hierarchies?

A.

Cross-certification

B.

Multiple certificates

C.

Redundant certification authorities

D.

Root certification authorities

Question # 122

Attributable data should be:

A.

always traced to individuals responsible for observing and recording the data

B.

sometimes traced to individuals responsible for observing and recording the data

C.

never traced to individuals responsible for observing and recording the data

D.

often traced to individuals responsible for observing and recording the data

Question # 123

One of the following statements about the differences between PPTP and L2TP is NOT true:

A.

PPTP can run only on top of IP networks.

B.

PPTP is an encryption protocol and L2TP is not.

C.

L2TP works well with all firewalls and network devices that perform NAT.

D.

L2TP supports AAA servers

Question # 124

At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed?

A.

Network layer

B.

Session layer

C.

Transport layer

D.

Data link layer

Question # 125

Which of the following IEEE standards defines the token ring media access method?

A.

802.3

B.

802.11

C.

802.5

D.

802.2

Question # 126

The IP header contains a protocol field. If this field contains the value 6, what type of data is contained within the IP datagram?

A.

TCP.

B.

ICMP.

C.

UDP.

D.

IGMP.

Question # 127

Why is Network File System (NFS) used?

A.

It enables two different types of file systems to interoperate.

B.

It enables two different types of file systems to share Sun applications.

C.

It enables two different types of file systems to use IP/IPX.

D.

It enables two different types of file systems to emulate each other.

Question # 128

Before the advent of classless addressing, the address 128.192.168.16 would have been considered part of:

A.

a class A network.

B.

a class B network.

C.

a class C network.

D.

a class D network.

Question # 129

Which of the following protocols that provide integrity and authentication for IPSec can also provide non-repudiation in IPSec?

A.

Authentication Header (AH)

B.

Encapsulating Security Payload (ESP)

C.

Secure Sockets Layer (SSL)

D.

Secure Shell (SSH-2)

Question # 130

Which of the following is the BEST way to detect software license violations?

A.

Implementing a corporate policy on copyright infringements and software use.

B.

Requiring that all PCs be diskless workstations.

C.

Installing metering software on the LAN so applications can be accessed through the metered software.

D.

Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.

Question # 131

A periodic review of user account management should not determine:

A.

Conformity with the concept of least privilege.

B.

Whether active accounts are still being used.

C.

Strength of user-chosen passwords.

D.

Whether management authorizations are up-to-date.

Question # 132

What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)?

A.

It can be very invasive to the host operating system

B.

Monitors all processes and activities on the host system only

C.

Virtually eliminates limits associated with encryption

D.

They have an increased level of visibility and control compared to NIDS

Question # 133

In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected?

A.

The transactions should be dropped from processing.

B.

The transactions should be processed after the program makes adjustments.

C.

The transactions should be written to a report and reviewed.

D.

The transactions should be corrected and reprocessed.

Question # 134

Which of the following is NOT a characteristic of a host-based intrusion detection system?

A.

A HIDS does not consume large amounts of system resources

B.

A HIDS can analyse system logs, processes and resources

C.

A HIDS looks for unauthorized changes to the system

D.

A HIDS can notify system administrators when unusual events are identified

Question # 135

Which of the following monitors network traffic in real time?

A.

network-based IDS

B.

host-based IDS

C.

application-based IDS

D.

firewall-based IDS

Question # 136

Which protocol is NOT implemented in the Network layer of the OSI Protocol Stack?

A.

Hypertext Transfer Protocol

B.

Open Shortest Path First

C.

Internet Protocol

D.

Routing Information Protocol

Question # 137

The viewing of recorded events after the fact using a closed-circuit TV camera is considered a

A.

Preventative control.

B.

Detective control

C.

Compensating control

D.

Corrective control

Question # 138

Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources?

A.

They are more cost-effective

B.

They offer a lack of corporate bias

C.

They use highly talented ex-hackers

D.

They ensure more complete reporting

Question # 139

Which of the following is required in order to provide accountability?

A.

Authentication

B.

Integrity

C.

Confidentiality

D.

Audit trails

Question # 140

Which of the following is NOT a fundamental component of an alarm in an intrusion detection system?

A.

Communications

B.

Enunciator

C.

Sensor

D.

Response

Question # 141

What is the name of the protocol used to set up and manage Security Associations (SA) for IP Security (IPSec)?

A.

Internet Key Exchange (IKE)

B.

Secure Key Exchange Mechanism

C.

Oakley

D.

Internet Security Association and Key Management Protocol

Question # 142

You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals.

One day you receive a laptop and are part of a two-man team responsible for examining it together. However, it is lunch time, and after receiving the laptop you leave it on your desk and you both head out to lunch.

What critical step in forensic evidence have you forgotten?

A.

Chain of custody

B.

Locking the laptop in your desk

C.

Making a disk image for examination

D.

Cracking the admin password with chntpw

Question # 143

How many rounds are used by DES?

A.

16

B.

32

C.

64

D.

48

Question # 144

Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part?

A.

One Time Pad (OTP)

B.

One time Cryptopad (OTC)

C.

Cryptanalysis

D.

Pretty Good Privacy (PGP)

Question # 145

Which of the following is true about link encryption?

A.

Each entity has a common key with the destination node.

B.

Encrypted messages are only decrypted by the final node.

C.

This mode does not provide protection if any one of the nodes along the transmission path is compromised.

D.

Only secure nodes are used in this type of transmission.

Question # 146

What is the length of an MD5 message digest?

A.

128 bits

B.

160 bits

C.

256 bits

D.

varies depending upon the message size.

Question # 147

Which of the following can best define the "revocation request grace period"?

A.

The period of time allotted within which the user must make a revocation request upon a revocation reason

B.

Minimum response time for performing a revocation by the CA

C.

Maximum response time for performing a revocation by the CA

D.

Time period between the arrival of a revocation request and the publication of the revocation information

Question # 148

Which of the following is more suitable for a hardware implementation?

A.

Stream ciphers

B.

Block ciphers

C.

Cipher block chaining

D.

Electronic code book

Question # 149

Which of the following is NOT a symmetric key algorithm?

A.

Blowfish

B.

Digital Signature Standard (DSS)

C.

Triple DES (3DES)

D.

RC5

Question # 150

Which of the following is a symmetric encryption algorithm?

A.

RSA

B.

Elliptic Curve

C.

RC5

D.

El Gamal

Question # 151

What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?

A.

A public-key certificate

B.

An attribute certificate

C.

A digital certificate

D.

A descriptive certificate

Question # 152

What can be defined as secret communications where the very existence of the message is hidden?

A.

Clustering

B.

Steganography

C.

Cryptology

D.

Vernam cipher

Question # 153

Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers?

A.

Provides limited security services

B.

Has no built-in key distribution

C.

Speed

D.

A large number of keys is needed

Question # 154

Which of the following statements pertaining to stream ciphers is correct?

A.

A stream cipher is a type of asymmetric encryption algorithm.

B.

A stream cipher generates what is called a keystream.

C.

A stream cipher is slower than a block cipher.

D.

A stream cipher is not appropriate for hardware-based encryption.

Question # 155

Which of the following is not an example of a block cipher?

A.

Skipjack

B.

IDEA

C.

Blowfish

D.

RC4

Question # 156

Which of the following binds a subject name to a public key value?

A.

A public-key certificate

B.

A public key infrastructure

C.

A secret key infrastructure

D.

A private key certificate

Question # 157

What does the directive of the European Union on Electronic Signatures deal with?

A.

Encryption of classified data

B.

Encryption of secret data

C.

Non-repudiation

D.

Authentication of web servers

Question # 158

Which of the following is an issue with signature-based intrusion detection systems?

A.

Only previously identified attack signatures are detected.

B.

Signature databases must be augmented with inferential elements.

C.

It runs only on the Windows operating system

D.

Hackers can circumvent signature evaluations.

Question # 159

Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?

A.

signature-based IDS and statistical anomaly-based IDS, respectively

B.

signature-based IDS and dynamic anomaly-based IDS, respectively

C.

anomaly-based IDS and statistical-based IDS, respectively

D.

signature-based IDS and motion anomaly-based IDS, respectively.

Question # 160

Which of the following was not designed to be a proprietary encryption algorithm?

A.

RC2

B.

RC4

C.

Blowfish

D.

Skipjack

Question # 161

Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys, establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis?

A.

Internet Security Association and Key Management Protocol (ISAKMP)

B.

Simple Key-management for Internet Protocols (SKIP)

C.

Diffie-Hellman Key Distribution Protocol

D.

IPsec Key exchange (IKE)

Question # 162

Which of the following does NOT concern itself with key management?

A.

Internet Security Association and Key Management Protocol (ISAKMP)

B.

Diffie-Hellman (DH)

C.

Cryptology (CRYPTO)

D.

Key Exchange Algorithm (KEA)

Question # 163

The primary purpose for using one-way hashing of user passwords within a password file is which of the following?

A.

It prevents an unauthorized person from trying multiple passwords in one logon attempt.

B.

It prevents an unauthorized person from reading the password.

C.

It minimizes the amount of storage required for user passwords.

D.

It minimizes the amount of processing time used for encrypting passwords.

Question # 164

Which of the following answers is described as a random value used in cryptographic algorithms to ensure that patterns are not created during the encryption process?

A.

IV - Initialization Vector

B.

Stream Cipher

C.

OTP - One Time Pad

D.

Ciphertext

Question # 165

Crackers today are MOST often motivated by their desire to:

A.

Help the community in securing their networks.

B.

See how far their skills will take them.

C.

Get recognition for their actions.

D.

Gain money or financial gain.

Question # 166

What is malware that can spread itself over open network connections?

A.

Worm

B.

Rootkit

C.

Adware

D.

Logic Bomb

Question # 167

Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is:

A.

Not possible

B.

Only possible with key recovery scheme of all user keys

C.

It is possible only if X.509 Version 3 certificates are used

D.

It is possible only by "brute force" decryption

Question # 168

Which of the following computer crimes is MORE often associated with INSIDERS?

A.

IP spoofing

B.

Password sniffing

C.

Data diddling

D.

Denial of service (DoS)

Question # 169

In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols?

A.

Transport layer

B.

Application layer

C.

Physical layer

D.

Network layer

Question # 170

In the UTP category rating, the tighter the wind:

A.

the higher the rating and its resistance against interference and crosstalk.

B.

the slower the rating and its resistance against interference and attenuation.

C.

the shorter the rating and its resistance against interference and attenuation.

D.

the longer the rating and its resistance against interference and attenuation.

Question # 171

Encapsulating Security Payload (ESP) provides some of the services of Authentication Header (AH), but it is primarily designed to provide:

A.

Confidentiality

B.

Cryptography

C.

Digital signatures

D.

Access Control

Question # 172

What type of attack involves IP spoofing, ICMP ECHO and a bounce site?

A.

IP spoofing attack

B.

Teardrop attack

C.

SYN attack

D.

Smurf attack

Question # 173

Which of the following is unlike the other three choices presented?

A.

El Gamal

B.

Teardrop

C.

Buffer Overflow

D.

Smurf

Question # 174

A group of independent servers that is managed as a single system and provides higher availability, easier manageability, and greater scalability is a:

A.

server cluster

B.

client cluster

C.

guest cluster

D.

host cluster

Question # 175

Why is traffic across a packet switched network difficult to monitor?

A.

Packets are link encrypted by the carrier

B.

Government regulations forbid monitoring

C.

Packets can take multiple paths when transmitted

D.

The network factor is too high

Question # 176

In stateful inspection firewalls, packets are:

A.

Inspected at only one layer of the Open System Interconnection (OSI) model

B.

Inspected at all Open System Interconnection (OSI) layers

C.

Decapsulated at all Open Systems Interconnect (OSI) layers.

D.

Encapsulated at all Open Systems Interconnect (OSI) layers.

Question # 177

What attack involves the perpetrator sending spoofed packet(s) which contain the same destination and source IP address as the remote host, the same port for the source and destination, have the SYN flag set, and target any open ports on the remote host?

A.

Boink attack

B.

Land attack

C.

Teardrop attack

D.

Smurf attack

Question # 178

While using IPsec, the ESP and AH protocols both provide integrity services. However, when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation. Which of the items below would affect the use of AH and its Integrity Check Value (ICV) the most?

A.

Key session exchange

B.

Packet Header Source or Destination address

C.

VPN cryptographic key size

D.

Cryptographic algorithm used

Question # 179

Which one of the following is used to provide authentication and confidentiality for e-mail messages?

A.

Digital signature

B.

PGP

C.

IPSEC AH

D.

MD4

Question # 180

In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?

A.

Both client and server

B.

The client's browser

C.

The web server

D.

The merchant's Certificate Server

Question # 181

Which of the following offers security to wireless communications?

A.

S-WAP

B.

WTLS

C.

WSP

D.

WDP

Question # 182

Which of the following is the biggest concern with firewall security?

A.

Internal hackers

B.

Complex configuration rules leading to misconfiguration

C.

Buffer overflows

D.

Distributed denial of service (DDoS) attacks

Question # 183

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

A.

192.168.42.5

B.

192.166.42.5

C.

192.175.42.5

D.

192.1.42.5

Question # 184

What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable?

A.

80 meters

B.

100 meters

C.

185 meters

D.

500 meters

Question # 185

The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:

A.

Preventive/physical

B.

Detective/technical

C.

Detective/physical

D.

Detective/administrative

Question # 186

When a central authority determines what subjects can have access to certain objects based on the organizational security policy, this is called:

A.

Mandatory Access Control

B.

Discretionary Access Control

C.

Non-Discretionary Access Control

D.

Rule-based Access control

Question # 187

Which of the following is not a service provided by AAA servers (RADIUS, TACACS and DIAMETER)?

A.

Authentication

B.

Administration

C.

Accounting

D.

Authorization

Question # 188

What kind of certificate is used to validate a user identity?

A.

Public key certificate

B.

Attribute certificate

C.

Root certificate

D.

Code signing certificate

Question # 189

What is the Biba security model concerned with?

A.

Confidentiality

B.

Reliability

C.

Availability

D.

Integrity

Question # 190

Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?

A.

Logon Banners

B.

Wall poster

C.

Employee Handbook

D.

Written agreement

Question # 191

What does the *-property (star property) mean in the Bell-LaPadula model?

A.

No write up

B.

No read up

C.

No write down

D.

No read down

Question # 192

What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources?

A.

Micrometrics

B.

Macrometrics

C.

Biometrics

D.

MicroBiometrics

Question # 193

Which access control model would a lattice-based access control model be an example of?

A.

Mandatory access control.

B.

Discretionary access control.

C.

Non-discretionary access control.

D.

Rule-based access control.

Question # 194

In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because:

A.

people need not use discretion

B.

the access controls are based on the individual's role or title within the organization.

C.

the access controls are not based on the individual's role or title within the organization

D.

the access controls are often based on the individual's role or title within the organization

Question # 195

Guards are appropriate whenever the function required by the security program involves which of the following?

A.

The use of discriminating judgment

B.

The use of physical force

C.

The operation of access control devices

D.

The need to detect unauthorized access

Question # 196

What refers to legitimate users accessing networked services that would normally be restricted to them?

A.

Spoofing

B.

Piggybacking

C.

Eavesdropping

D.

Logon abuse

Question # 197

Which of the following Kerberos components holds all users' and services' cryptographic keys?

A.

The Key Distribution Service

B.

The Authentication Service

C.

The Key Distribution Center

D.

The Key Granting Service

Question # 198

Which access control model was proposed for enforcing access control in government and military applications?

A.

Bell-LaPadula model

B.

Biba model

C.

Sutherland model

D.

Brewer-Nash model

Question # 199

Which of the following access control models requires security clearance for subjects?

A.

Identity-based access control

B.

Role-based access control

C.

Discretionary access control

D.

Mandatory access control

Question # 200

Which of the following is NOT true of the Kerberos protocol?

A.

Only a single login is required per session.

B.

The initial authentication steps are done using a public key algorithm.

C.

The KDC is aware of all systems in the network and is trusted by all of them

D.

It performs mutual authentication

Question # 201

The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:

A.

Preventive/physical

B.

Detective/technical

C.

Detective/physical

D.

Detective/administrative

Question # 202

Identification and authentication are the keystones of most access control systems. Identification establishes:

A.

User accountability for the actions on the system.

B.

Top management accountability for the actions on the system.

C.

EDP department accountability for the actions of users on the system.

D.

Authentication for actions on the system

Question # 203

Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense?

A.

TCSEC

B.

ITSEC

C.

DIACAP

D.

NIACAP

Question # 204

Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following?

A.

Accountability of biometrics systems

B.

Acceptability of biometrics systems

C.

Availability of biometrics systems

D.

Adaptability of biometrics systems

Question # 205

Which of the following is the most reliable authentication method for remote access?

A.

Variable callback system

B.

Synchronous token

C.

Fixed callback system

D.

Combination of callback and caller ID

Question # 206

Which of the following control pairings include: organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?

A.

Preventive/Administrative Pairing

B.

Preventive/Technical Pairing

C.

Preventive/Physical Pairing

D.

Detective/Administrative Pairing

Question # 207

This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario?

A.

Excessive Rights

B.

Excessive Access

C.

Excessive Permissions

D.

Excessive Privileges

Question # 208

What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?

A.

A

B.

D

C.

E

D.

F

Question # 209

Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations?

A.

Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to.

B.

The initial logon process is cumbersome to discourage potential intruders.

C.

Once a user obtains access to the system through the initial log-on, they only need to logon to some applications.

D.

Once a user obtains access to the system through the initial log-on, he has to log out from all other systems

Question # 210

What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects?

A.

A capacity table

B.

An access control list

C.

An access control matrix

D.

A capability table

Question # 211

Who developed one of the first mathematical models of a multilevel-security computer system?

A.

Diffie and Hellman.

B.

Clark and Wilson.

C.

Bell and LaPadula.

D.

Gasser and Lipner.

Question # 212

What does it mean to say that sensitivity labels are "incomparable"?

A.

The number of classifications in the two labels is different.

B.

Neither label contains all the classifications of the other.

C.

The number of categories in the two labels is different.

D.

Neither label contains all the categories of the other.

Question # 213

Kerberos is vulnerable to replay in which of the following circumstances?

A.

When a private key is compromised within an allotted time window.

B.

When a public key is compromised within an allotted time window.

C.

When a ticket is compromised within an allotted time window.

D.

When the KSD is compromised within an allotted time window.

Question # 214

What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database?

A.

Database Management system

B.

Database views

C.

Database security

D.

Database shadowing

Question # 215

Which type of control is concerned with restoring controls?

A.

Compensating controls

B.

Corrective controls

C.

Detective controls

D.

Preventive controls

Question # 216

Which one of the following factors is NOT one on which Authentication is based?

A.

Type 1. Something you know, such as a PIN or password

B.

Type 2. Something you have, such as an ATM card or smart card

C.

Type 3. Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan

D.

Type 4. Something you are, such as a system administrator or security administrator

Question # 217

In biometric identification systems, the parts of the body conveniently available for identification are:

A.

neck and mouth

B.

hands, face, and eyes

C.

feet and hair

D.

voice and neck

Question # 218

Which TCSEC class specifies discretionary protection?

A.

B2

B.

B1

C.

C2

D.

C1

Question # 219

Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?

A.

C

B.

B

C.

A

D.

D

Question # 220

Which of the following divisions is defined in the TCSEC (Orange Book) as minimal protection?

A.

Division D

B.

Division C

C.

Division B

D.

Division A

Question # 221

Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?

A.

The Take-Grant model

B.

The Biba integrity model

C.

The Clark Wilson integrity model

D.

The Bell-LaPadula integrity model

Question # 222

Which access control model is also called Non-Discretionary Access Control (NDAC)?

A.

Lattice based access control

B.

Mandatory access control

C.

Role-based access control

D.

Label-based access control

Question # 223

A timely review of system access audit records would be an example of which of the basic security functions?

A.

avoidance.

B.

deterrence.

C.

prevention.

D.

detection.

Question # 224

Which of the following is NOT a form of detective administrative control?

A.

Rotation of duties

B.

Required vacations

C.

Separation of duties

D.

Security reviews and audits

Question # 225

The type of discretionary access control (DAC) that is based on an individual's identity is also called:

A.

Identity-based Access control

B.

Rule-based Access control

C.

Non-Discretionary Access Control

D.

Lattice-based Access control

Question # 226

Which of the following statements pertaining to RADIUS is incorrect?

A.

A RADIUS server can act as a proxy server, forwarding client requests to other authentication domains.

B.

Most RADIUS clients have the capability to query secondary RADIUS servers for redundancy.

C.

Most RADIUS servers have built-in database connectivity for billing and reporting purposes.

D.

Most RADIUS servers can work with DIAMETER servers.

Question # 227

Which of the following biometric devices offers the LOWEST CER?

A.

Keystroke dynamics

B.

Voice verification

C.

Iris scan

D.

Fingerprint

Question # 228

Who first described the DoD multilevel military security policy in abstract, formal terms?

A.

David Bell and Leonard LaPadula

B.

Rivest, Shamir and Adleman

C.

Whitfield Diffie and Martin Hellman

D.

David Clark and David Wilson

Question # 229

In Synchronous dynamic password tokens:

A.

The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).

B.

The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).

C.

The unique password is not entered into a system or workstation along with an owner's PIN.

D.

The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window.

Question # 230

In biometrics, the "one-to-one" search used to verify a claim to an identity made by a person is considered:

A.

Authentication

B.

Identification

C.

Auditing

D.

Authorization

Question # 231

What can best be defined as the sum of protection mechanisms inside the computer, including hardware, firmware and software?

A.

Trusted system

B.

Security kernel

C.

Trusted computing base

D.

Security perimeter

Question # 232

If an operating system permits shared resources such as memory to be used sequentially by multiple users/applications or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist?

A.

Disclosure of residual data.

B.

Unauthorized obtaining of a privileged execution state.

C.

Data leakage through covert channels.

D.

Denial of service through a deadly embrace.

Question # 233

What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?

A.

The reference monitor

B.

Protection rings

C.

A security kernel

D.

A protection domain

Question # 234

A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle?

A.

project initiation and planning phase

B.

system design specification phase

C.

development & documentation phase

D.

acceptance phase

Question # 235

An effective information security policy should not have which of the following characteristics?

A.

Include separation of duties

B.

Be designed with a short- to mid-term focus

C.

Be understandable and supported by all stakeholders

D.

Specify areas of responsibility and authority

Question # 236

When attempting to establish liability, which of the following would be described as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation?

A.

Due care

B.

Due concern

C.

Due diligence

D.

Due practice

Question # 237

Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence?

A.

Implementation

B.

System feasibility

C.

Product design

D.

Software plans and requirements

Question # 238

Which of the following is NOT a technical control?

A.

Password and resource management

B.

Identification and authentication methods

C.

Monitoring for physical intrusion

D.

Intrusion Detection Systems

Question # 239

Which software development model is actually a meta-model that incorporates a number of the software development models?

A.

The Waterfall model

B.

The modified Waterfall model

C.

The Spiral model

D.

The Critical Path Model (CPM)

Question # 240

What can best be defined as high-level statements, beliefs, goals and objectives?

A.

Standards

B.

Policies

C.

Guidelines

D.

Procedures

Question # 241

Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data?

A.

Business and functional managers

B.

IT Security practitioners

C.

System and information owners

D.

Chief information officer

Question # 242

Which of the following should NOT be performed by an operator?

A.

Implementing the initial program load

B.

Monitoring execution of the system

C.

Data entry

D.

Controlling job flow

Question # 243

What is RAD?

A.

A development methodology

B.

A project management technique

C.

A measure of system complexity

D.

Risk-assessment diagramming

Question # 244

Which of the following is not a form of passive attack?

A.

Scavenging

B.

Data diddling

C.

Shoulder surfing

D.

Sniffing

Question # 245

Which of the following security modes of operation involves the highest risk?

A.

Compartmented Security Mode

B.

Multilevel Security Mode

C.

System-High Security Mode

D.

Dedicated Security Mode

Question # 246

Making sure that only those who are supposed to access the data can access it is which of the following?

A.

confidentiality.

B.

capability.

C.

integrity.

D.

availability.

Question # 247

What is the difference between Advisory and Regulatory security policies?

A.

there is no difference between them

B.

Regulatory policies are high-level policies, while advisory policies are very detailed

C.

Advisory policies are not mandated. Regulatory policies must be implemented.

D.

Advisory policies are mandated while Regulatory policies are not

Question # 248

An architecture in which there are more than two execution domains or privilege levels is called:

A.

Ring Architecture

B.

Ring Layering

C.

Network Environment

D.

Security Models

Question # 249

Which of the following is not a method to protect objects and the data within the objects?

A.

Layering

B.

Data mining

C.

Abstraction

D.

Data hiding

Question # 250

Who should DECIDE how a company should approach security and what security measures should be implemented?

A.

Senior management

B.

Data owner

C.

Auditor

D.

The information security specialist

Question # 251

It is a violation of the "separation of duties" principle when which of the following individuals accesses the software on systems implementing security?

A.

security administrator

B.

security analyst

C.

systems auditor

D.

systems programmer

Question # 252

Which of the following best defines add-on security?

A.

Physical security complementing logical security measures.

B.

Protection mechanisms implemented as an integral part of an information system.

C.

Layer security.

D.

Protection mechanisms implemented after an information system has become operational.

Question # 253

Which of the following would be the best reason for separating the test and development environments?

A.

To restrict access to systems under test.

B.

To control the stability of the test environment.

C.

To segregate user and development staff.

D.

To secure access to systems under development.

Question # 254

What is the main purpose of Corporate Security Policy?

A.

To transfer the responsibility for the information security to all users of the organization

B.

To communicate management's intentions with regard to information security

C.

To provide detailed steps for performing specific actions

D.

To provide a common framework for all development activities

Question # 255

Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What does this mean?

A.

System functions are layered, and none of the functions in a given layer can access data outside that layer.

B.

Auditing processes and their memory addresses cannot be accessed by user processes.

C.

Only security processes are allowed to write to ring zero memory.

D.

It is a form of strong encryption cipher.

Question # 256

During which phase of an IT system life cycle are security requirements developed?

A.

Operation

B.

Initiation

C.

Functional design analysis and Planning

D.

Implementation

Question # 257

Related to information security, confidentiality is the opposite of which of the following?

A.

closure

B.

disclosure

C.

disposal

D.

disaster

Question # 258

Which of the following is a CHARACTERISTIC of a decision support system (DSS) with regard to threat and risk analysis?

A.

DSS is aimed at solving highly structured problems.

B.

DSS emphasizes flexibility in the decision making approach of users.

C.

DSS supports only structured decision-making tasks.

D.

DSS combines the use of models with non-traditional data access and retrieval functions.

Question # 259

Which of the following statements pertaining to software testing is incorrect?

A.

Unit testing should be addressed and considered when the modules are being designed.

B.

Test data should be part of the specifications.

C.

Testing should be performed with live data to cover all possible situations.

D.

Test data generators can be used to systematically generate random test data that can be used to test programs.

Question # 260

Who can best decide what the adequate technical security controls are in a computer-based application system with regard to the protection of the data being used, the criticality of the data, and its sensitivity level?

A.

System Auditor

B.

Data or Information Owner

C.

System Manager

D.

Data or Information user

Question # 261

Risk analysis is MOST useful when applied during which phase of the system development process?

A.

Project initiation and Planning

B.

Functional Requirements definition

C.

System Design Specification

D.

Development and Implementation

Question # 262

Why does compiled code pose more of a security risk than interpreted code?

A.

Because malicious code can be embedded in compiled code and be difficult to detect.

B.

If the executed compiled code fails, there is a chance it will fail insecurely.

C.

Because compilers are not reliable.

D.

There is no risk difference between interpreted code and compiled code.

Question # 263

Which of the following would be the best criterion to consider in determining the classification of an information asset?

A.

Value

B.

Age

C.

Useful life

D.

Personal association

Question # 264

Which of the following would best describe the difference between white-box testing and black-box testing?

A.

White-box testing is performed by an independent programmer team.

B.

Black-box testing uses the bottom-up approach.

C.

White-box testing examines the program internal logical structure.

D.

Black-box testing involves the business units.

Question # 265

Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing?

A.

Interface errors are detected earlier.

B.

Errors in critical modules are detected earlier.

C.

Confidence in the system is achieved earlier.

D.

Major functions and processing are tested earlier.

Question # 266

What is a system called that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?

A.

A fail safe system

B.

A fail soft system

C.

A fault-tolerant system

D.

A failover system

Question # 267

Which of the following describes a computer processing architecture in which a language compiler or pre-processor breaks program instructions down into basic operations that can be performed by the processor at the same time?

A.

Very-Long Instruction-Word Processor (VLIW)

B.

Complex-Instruction-Set-Computer (CISC)

C.

Reduced-Instruction-Set-Computer (RISC)

D.

Super Scalar Processor Architecture (SCPA)

Question # 268

What mechanism does a system use to compare the security labels of a subject and an object?

A.

Validation Module.

B.

Reference Monitor.

C.

Clearance Check.

D.

Security Module.

Question # 269

Which of the following is NOT an administrative control?

A.

Logical access control mechanisms

B.

Screening of personnel

C.

Development of policies, standards, procedures and guidelines

D.

Change control procedures

Question # 270

A trusted system does NOT involve which of the following?

A.

Enforcement of a security policy.

B.

Sufficiency and effectiveness of mechanisms to be able to enforce a security policy.

C.

Assurance that the security policy can be enforced in an efficient and reliable manner.

D.

Independently-verifiable evidence that the security policy-enforcing mechanisms are sufficient and effective.

Question # 271

What is the most secure way to dispose of information on a CD-ROM?

A.

Sanitizing

B.

Physical damage

C.

Degaussing

D.

Physical destruction

Question # 272

Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design?

A.

Development/acquisition

B.

Implementation

C.

Initiation

D.

Maintenance

Question # 273

Which of the following is NOT a proper component of Media Viability Controls?

A.

Storage

B.

Writing

C.

Handling

D.

Marking

Question # 274

Which of the following is not a responsibility of an information (data) owner?

A.

Determine what level of classification the information requires.

B.

Periodically review the classification assignments against business needs.

C.

Delegate the responsibility of data protection to data custodians.

D.

Running regular backups and periodically testing the validity of the backup data.

Question # 275

Which of the following would provide the BEST stress testing environment, taking into consideration and avoiding possible exposure and leaks of sensitive data?

A.

Test environment using test data.

B.

Test environment using sanitized live workloads data.

C.

Production environment using test data.

D.

Production environment using sanitized live workloads data.

Question # 276

Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment?

A.

A baseline

B.

A standard

C.

A procedure

D.

A guideline
