Fred's data role requires him to maintain system security plans and to ensure that system users and support staff get the training they need about security practices and acceptable use. What is the role that Fred is most likely to hold in the organization?
Data owner
System owner
User
Custodian
Sally is using IPsec's ESP component in transport mode. What important information should she be aware of about transport mode?
Transport mode provides full encryption of the entire IP packet.
Transport mode adds a new, unencrypted header to ensure that packets reach their destination.
Transport mode does not encrypt the header of the packet.
Transport mode provides no encryption; only tunnel mode provides encryption.
Which one of the following is not an essential process area for the Repeatable phase of the Software Capability Maturity Model (SW-CMM)?
Software Project Planning
Software Quality Management
Software Project Tracking
Software Subcontract Management
Ben wants to provide predictive information about his organization's risk exposure in an automated way as part of an ongoing organizational risk management plan. What should he use to do this?
KRIs
Quantitative risk assessments
KPIs
Penetration tests
In the image shown here, what does system B send to system A at step 2 of the three-way TCP handshake?
SYN
ACK
FIN/ACK
SYN/ACK
Chris is conducting reconnaissance on a remote target and discovers that pings are allowed through his target's border firewall. What can he learn by using ping to probe the remote network?
Which systems respond to ping, a rough network topology, and potentially the location of additional firewalls
A list of all of the systems behind the target's firewall
The hostnames and time to live (TTL) for each pingable system, and the ICMP types allowed through the firewall
Router advertisements, echo request responses, and potentially which hosts are tarpitted
Jake is conducting a review of his organization's identity and access management program. During his review, he is verifying the privileges assigned to each user and ensuring that they match with business requirements. What element of the program is he reviewing?
Identification
Accountability
Authorization
Authentication
Faith is looking at the /etc/passwd file on a system configured to use shadowed passwords. When she examines a line in the file for a user with interactive login permissions, what should she expect to see in the password field?
Plaintext password
Hashed password
x
*
Berta is analyzing the logs of the Windows Firewall on one of her servers and comes across the entries shown in this figure. What type of attack do these entries indicate?
SQL injection
Port scan
Teardrop
Land
Danielle is testing tax software, and part of her testing process requires her to input a variety of actual tax forms to verify that the software produces the right answers. What type of testing is Danielle performing?
Use case testing
Dynamic testing
Fuzzing
Misuse testing
After 10 years working in her organization, Cassandra is moving into her fourth role, this time as a manager in the accounting department. What issue is likely to show up during an account review if her organization does not have strong account maintenance practices?
An issue with least privilege
Privilege creep
Account creep
Account termination
IP addresses like 10.10.10.10 and 172.19.24.21 are both examples of what type of IP address?
Public IP addresses
Prohibited IP addresses
Private IP addresses
Class B IP ranges
Ben is reviewing the password recovery mechanism used by his website and discovers that the approach uses cognitive authentication through the use of security questions. What is the major issue with this approach?
It prevents the use of tokens.
The question's answer may be easy to find on the internet.
Cognitive passwords require users to think to answer the question, and not all users may be able to solve the problems presented.
Cognitive passwords don't support long passwords.
Megan needs to create a forensic copy of a hard drive that will be used in an investigation. Which of the following tools is best suited to her work?
xcopy
dd
DBAN
ImageMagik
Kay is selecting an application management approach for her organization. Employees need the flexibility to install software on their systems, but Kay wants to prevent them from installing certain prohibited packages. What type of approach should she use?
Antivirus
Whitelist
Blacklist
Heuristic
Donna is a security administrator for a healthcare provider located in the United States and is reviewing their payment processing system. It contains data relating to the past, present, or future payment for the provision of healthcare to an individual. How would this information be classified under HIPAA?
PCI
Personal billing data
PHI
Personally identifiable information (PII)
Harold's company has a strong password policy that requires a minimum length of 12 characters and the use of both alphanumeric characters and symbols. What technique would be the most effective way for an attacker to compromise passwords in Harold's organization?
Brute-force attack
Dictionary attack
Rainbow table attack
Social engineering attack
While traveling, James is held at knifepoint and forced to log into his laptop. What is this called?
Duress
Antisocial engineering
Distress
Knifepoint hacking
Brian recently joined an organization that runs the majority of its services on a virtualization platform located in its own data center but also leverages an IaaS provider for hosting its web services and a SaaS email system. What term best describes the type of cloud environment this organization uses?
Public cloud
Dedicated cloud
Private cloud
Hybrid cloud
Cameron is responsible for backing up his company's primary file server. He configured a backup schedule that performs full backups every Monday evening at 9 p.m. and incremental backups on other days of the week at that same time. How many files will be copied in Wednesday's backup?
1
2
5
6
Susan uses a span port to monitor traffic to her production website and uses a monitoring tool to identify performance issues in real time. What type of monitoring is she conducting?
Passive monitoring
Active monitoring
Synthetic monitoring
Signature-based monitoring
In what type of attack do attackers manage to insert themselves into a connection between a user and a legitimate website?
Man-in-the-middle attack
Fraggle attack
Wardriving attack
Meet-in-the-middle attack
Which one of the following would be considered an example of infrastructure as a service cloud computing?
Payroll system managed by a vendor and delivered over the web
Application platform managed by a vendor that runs customer code
Servers provisioned by customers on a vendor-managed virtualization platform
Web-based email service provided by a vendor
For questions 24–26, please refer to the following scenario:
Darcy is an information security risk analyst for Roscommon Agricultural Products. She is currently trying to decide whether the company should purchase an upgraded fire suppression system for their primary data center. The data center facility has a replacement cost of $2 million.
After consulting with actuaries, data center managers, and fire subject-matter experts, Darcy determined that a typical fire would likely require the replacement of all equipment inside the building but not cause significant structural damage. Together, they estimated that recovering from the fire would cost $750,000. They also determined that the company can expect a fire of this magnitude once every 50 years.
Based on the information in this scenario, what is the exposure factor for the effect of a fire on the Roscommon Agricultural Products data center?
7.5 percent
15.0 percent
27.5 percent
37.5 percent
Based on the information in this scenario, what is the annualized rate of occurrence for a fire at the Roscommon Agricultural Products data center?
0.002
0.005
0.02
0.05
Based on the information in this scenario, what is the annualized loss expectancy for a fire at the Roscommon Agricultural Products data center?
$15,000
$25,000
$75,000
$750,000
Which one of the following techniques uses statistical methods to select a small number of log records from a large pool for further analysis with the goal of choosing a set of records that is representative of the entire pool?
Clipping
Randomization
Sampling
Selection
Mike wants to ensure that third-party users of his service's API can be tracked to prevent abuse of the API. What should he implement to help with this?
Session IDs
An API firewall
API keys
An API buffer
Fran is a web developer who works for an online retailer. Her boss asked her to create a way that customers can easily integrate themselves with Fran's company's site. They need to be able to check inventory in real time, place orders, and check order status programmatically without having to access the web page. What can Fran create to most directly facilitate this interaction?
API
Web scraper
Data dictionary
Call center
Todd's data center facility recently experienced a series of events that involved the momentary loss of power. What term best describes these events?
Fault
Blackout
Sag
Brownout
Lauren's team of system administrators each deal with hundreds of systems with varying levels of security requirements and find it difficult to handle the multitude of usernames and passwords they each have. What type of solution should she recommend to ensure that passwords are properly handled and that features like logging and password rotation occur?
A credential management system
A strong password policy
Separation of duties
Single sign-on
Ed's Windows system can't connect to the network and ipconfig shows the following:
What has occurred on the system?
The system has been assigned an invalid IP address by its DHCP server.
The system has a manually assigned IP address.
The system has failed to get a DHCP address and has assigned itself an address.
The subnet mask is set incorrectly, and the system cannot communicate with the gateway.
Gina is performing the initial creation of user accounts for a batch of new employees. What phase of the provisioning process is she conducting?
Enrollment
Clearance verification
Background checks
Initialization
Ravi is developing procedures for forensic investigations conducted by his organization and would like to differentiate based upon the evidentiary standards commonly used for each type of investigation. What type of forensic investigation typically has the highest evidentiary standards?
Administrative
Criminal
Civil
Industry
What U.S. legal protection prevents law enforcement agencies from searching an American facility or electronic system without either probable cause or consent?
First Amendment
Fourth Amendment
Fifth Amendment
Fifteenth Amendment
Tom believes that a customer of his internet service provider has been exploiting a vulnerability in his system to read the email messages of other customers. If true, what law did the customer most likely violate?
ECPA
CALEA
HITECH
Privacy Act
In the ring protection model shown here, what ring contains user programs and applications?
Ring 0
Ring 1
Ring 2
Ring 3
In virtualization platforms, what name is given to the module that is responsible for controlling access to physical resources by virtual resources?
Guest machine
SDN
Kernel
Hypervisor
In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other's identity?
Public cloud
Private cloud
Community cloud
Shared cloud
Justin recently participated in a disaster recovery plan test where the team sat together and discussed the response to a scenario but did not actually activate any disaster recovery controls. What type of test did he participate in?
Checklist review
Full interruption test
Parallel test
Tabletop exercise
Susan wants to integrate her website to allow users to use accounts from sites like Google. What technology should she adopt?
Kerberos
LDAP
OpenID
SESAME
Tom is conducting a business continuity planning effort for Orange Blossoms, a fruit orchard located in Central Florida. During the assessment process, the committee determined that there is a small risk of snow in the region but that the cost of implementing controls to reduce the impact of that risk is not warranted. They elect to not take any specific action in response to the risk. What risk management strategy is Orange Blossoms pursuing?
Risk mitigation
Risk transference
Risk avoidance
Risk acceptance
Paul is reviewing the contents of an audit report and discovers a finding that a manager in the accounting department has full access to perform every function in the financial system. What security principles have most likely been violated? (Select all that apply.)
Separation of duties
Job rotation
Management review
Least privilege
Jack's organization is a multinational nonprofit that has small offices in many developing countries throughout the world. They need to implement an access control system that allows flexibility and that can work despite poor internet connectivity at their locations. What is the best type of access control design for Jack's organization?
Centralized access control
Mandatory access control
Decentralized access control
Rule-based access control
What U.S. government classification label is applied to information that, if disclosed, could cause serious damage to national security and also requires that the damage that would be caused is able to be described or identified by the classification authority?
Classified
Secret
Confidential
Top Secret
For questions 46–49, please refer to the following scenario:
Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
When the certificate authority (CA) created Renee's digital certificate, what key was contained within the body of the certificate?
Renee's public key
Renee's private key
CA's public key
CA's private key
When the certificate authority created Renee's digital certificate, what key did it use to digitally sign the completed certificate?
Renee's public key
Renee's private key
CA's public key
CA's private key
When Mike receives Renee's digital certificate, what key does he use to verify the authenticity of the certificate?
Renee's public key
Renee's private key
CA's public key
CA's private key
Mike would like to send Renee a private message using the information gained during this exchange. What key should he use to encrypt the message?
Renee's public key
Renee's private key
CA's public key
CA's private key
Which one of the following tools may be used to directly violate the confidentiality of communications on an unencrypted VoIP network?
Nmap
Nessus
Wireshark
Nikto
Which of the following is not true about the (ISC)2 Code of Ethics?
Adherence to the code is a condition of certification.
Failure to comply with the code may result in revocation of certification.
The code applies to all members of the information security profession.
Members who observe a breach of the code are required to report the possible violation.
Which one of the following cryptographic algorithms supports the goal of nonrepudiation?
Blowfish
DES
AES
RSA
Microsoft's STRIDE threat assessment framework uses six categories for threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. If a penetration tester is able to modify audit logs, what STRIDE categories best describe this issue?
Tampering and information disclosure
Elevation of privilege and tampering
Repudiation and denial of service
Repudiation and tampering
Carmen is reviewing her organization's web architecture and realizes that the web server is often under heavy load from users in different regions of the world. This load comes at unpredictable times. She would like to find a solution that minimizes the burden on her organization's servers and places content geographically closer to the user to decrease load time. What would be the best solution to Carmen's requirements?
Load balancer
Content delivery network
TLS acceleration
Web application firewall
The government agency that Ben works at installed a new access control system. The system uses information such as Ben's identity, department, normal working hours, job category, and location to make authorization decisions. What type of access control system did Ben's employer adopt?
Role-based access control
Attribute-based access control
Administrative access control
System discretionary access control
Ben is building his organization's security awareness and training program and would like to include interactive activities that better engage users. What techniques would best help him meet this goal?
Policy reviews
Gamification
Classroom training
Phishing simulations
Andrew believes that a digital certificate belonging to his organization was compromised and would like to add it to a certificate revocation list (CRL). Who must add the certificate to the CRL?
Andrew
The root authority for the top-level domain
The CA that issued the certificate
The revocation authority for the top-level domain
Amanda is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move records of transactions from the primary site to a backup site on an hourly basis. What type of database recovery technique is the consultant describing?
Electronic vaulting
Transaction logging
Remote mirroring
Remote journaling
Ron is working to classify information used by his organization and would like to include all information that might trigger a U.S. state data breach notification law in his classification scheme. Which of the following categories of information should he include, assuming that they are connected to a specific individual? (Select all that apply.)
Bank account number and PIN
Driver's license number
Marital status
Social Security number
Which one of the following investigation types has the loosest standards for the collection and preservation of information?
Civil investigation
Operational investigation
Criminal investigation
Regulatory investigation
Sue was required to sign an NDA when she took a job at her new company. Why did the company require her to sign it?
To protect the confidentiality of their data
To ensure that Sue did not delete their data
To prevent Sue from directly competing with them in the future
To require Sue to ensure the availability of their data as part of her job
Susan is concerned about the FAR associated with her biometric technology. What is the best method to deal with the FAR?
Adjust the CER.
Change the sensitivity of the system to lower the FRR.
Add a second factor.
Replace the biometric system.
Which data processing role in an organization is most likely to grant users access to information on a day-to-day basis?
Business owners
Data processors
Data owners
Data stewards
Ron is the CISO of a U.S. company that is entering into a business partnership with a European firm. The European firm will be sending his company customer records to run through Ron's firm's proprietary credit scoring algorithm. Under GDPR, what role will Ron's company have relative to the customer data?
Data controller
Data owner
Data subject
Data processor
Tonya recently introduced a new security control in her organization for emergency access to system administrator privileges. Under this procedure, two qualified administrators must agree to retrieve emergency credentials. What term best describes this process?
Separation of duties
Least privilege
Two-person control
Multifactor authentication
Attackers who compromise websites often acquire databases of hashed passwords. What technique can best protect these passwords against automated password cracking attacks that use precomputed values?
Using the MD5 hashing algorithm
Using the SHA-1 hashing algorithm
Salting
Double-hashing
Jim starts a new job as a system engineer, and he is reviewing a team document entitled “Forensic Response Guidelines.” Which one of the following statements is not true?
Jim must comply with the information in this document.
The document contains information about forensic examinations.
Jim should read the document thoroughly.
The document is likely based on industry best practices.
Evan is reviewing his access control system to ensure that no user is able to read information that is above their security clearance level. What security model is he enforcing?
Bell–LaPadula
Star security property
Discretionary security property
Biba
Ben needs to verify that the most recent patch for his organization's critical application did not introduce issues elsewhere. What type of testing does Ben need to conduct to ensure this?
Unit testing
White box
Regression testing
Black box
Tamara recently decided to purchase cyber-liability insurance to cover her company's costs in the event of a data breach. What risk management strategy is she pursuing?
Risk acceptance
Risk mitigation
Risk transference
Risk avoidance
Which of the following is not one of the four canons of the (ISC)2 Code of Ethics?
Avoid conflicts of interest that may jeopardize impartiality.
Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Jim wants to allow a partner organization's Active Directory forest (B) to access his domain forest (A)'s resources but doesn't want to allow users in his domain to access B's resources. He also does not want the trust to flow upward through the domain tree as it is formed. What should he do?
Set up a two-way transitive trust.
Set up a one-way transitive trust.
Set up a one-way nontransitive trust.
Set up a two-way nontransitive trust.
Susan's team is performing code analysis by manually reviewing the code for flaws. What type of analysis are they performing?
Gray box
Static
Dynamic
Fuzzing
Kevin's organization recently suffered a ransomware attack, and he is considering paying the ransom. Which of the following statements are true about paying the ransom? (Select all that apply.)
There is no guarantee that he will receive the decryption key.
The attackers have encrypted his data but do not have access to the data itself.
Restoring from backup will not recover information.
Paying ransoms may be illegal.
What feature of a Trusted Platform Module (TPM) creates a hash summary of the system configuration to verify that changes have not been made?
Remote attestation
Binding
Sealing
RNG
Gary is concerned that the environmental controls in his organization's data center may not be effectively controlling humidity. Which of the following circumstances may result from humidity issues? (Select all that apply.)
Static electricity damaging equipment
Fires in power supplies
Corrosion of equipment
Physical access control failures
Evan recently built an alternate processing facility that includes all of the hardware and data necessary to restore operations in a matter of minutes or seconds. What type of facility has he built?
Hot site
Warm site
Cold site
Mobile site
Hadley is reviewing network traffic logs and is searching for syslog activity on his network. When he creates a filter to look for this traffic, which UDP port should he include?
443
514
515
445
Fred finds a packet that his protocol analyzer shows with both PSH and URG set. What type of packet is he looking at, and what do the flags mean?
A UDP packet; PSH and URG are used to indicate that the data should be sent at high speed.
A TCP packet; PSH and URG are used to clear the buffer and indicate that the data is urgent.
A TCP packet; PSH and URG are used to preset the header and indicate that the speed of the network is unregulated.
A UDP packet; PSH and URG are used to indicate that the UDP buffer should be cleared and that the data is urgent.
What code review process is shown here?
Static inspection
Fagan inspection
Dynamic inspection
Interface testing
During a log review, Karen discovers that the system she needs to gather logs from has the log setting shown here. What problem is Karen likely to encounter?
Too much log data will be stored on the system.
The system is automatically purging archived logs.
The logs will not contain the information needed.
The logs will only contain the most recent 20 MB of log data.
While investigating a widespread distributed denial-of-service attack, Matt types in the IP address of one of the attacking systems into his browser and sees the following page. What type of devices is the botnet likely composed of?
SCADA
Cloud infrastructure
Web servers
IoT
For questions 84–86, please refer to the following scenario:
Alejandro is an incident response analyst for a large corporation. He is on the midnight shift when an intrusion detection system alerts him to a potential brute-force password attack against one of the company's critical information systems. He performs an initial triage of the event before taking any additional action.
What stage of the incident response process is Alejandro currently conducting?
Detection
Response
Recovery
Mitigation
If Alejandro's initial investigation determines that a security incident is likely taking place, what should be his next step?
Investigate the root cause.
File a written report.
Activate the incident response team.
Attempt to restore the system to normal operations.
As the incident response progresses, during which stage should the team conduct a root-cause analysis?
Response
Reporting
Remediation
Lessons learned
Barry recently received a message from Melody that Melody encrypted using symmetric cryptography. What key should Barry use to decrypt the message?
Barry's public key
Barry's private key
Melody's public key
Shared secret key
After you do automated functional testing with 100 percent coverage of an application, what type of error is most likely to remain?
Business logic errors
Input validation errors
Runtime errors
Error handling errors
During what phase of the incident response process would security professionals analyze the process itself to determine whether any improvements are warranted?
Lessons learned
Remediation
Recovery
Reporting
What U.S. law prevents the removal of protection mechanisms placed on a copyrighted work by the copyright holder?
HIPAA
DMCA
GLBA
ECPA
Linda is selecting a disaster recovery facility for her organization, and she wants to retain independence from other organizations as much as possible. She would like to choose a facility that balances cost and recovery time, allowing activation in about one week after a disaster is declared. What type of facility should she choose?
Cold site
Warm site
Mutual assistance agreement
Hot site
Helen's organization handles large quantities of highly sensitive information. To help address this risk, she purchased a cyber-liability insurance policy. What type of risk response action is Helen taking?
Transfer
Avoid
Mitigate
Accept
What type of penetration testing provides detail on the scope of a penetration test—including items like what systems would be targeted—but does not provide full visibility into the configuration or other details of the systems or networks the penetration tester must test?
Crystal box
White box
Black box
Gray box
Joanna would like to implement multifactor authentication for access to a restricted work area in her building. Which pairing of controls would best meet her requirement?
ID card and PIN
Password and retinal scan
ID card and access token
Retinal scan and fingerprint scan
What network topology is used by modern-day Ethernet networks?
Star
Mesh
Ring
Bus
Reed would like to add capabilities to his network that allow him to hide the identities of his users from remote web servers. Which one of the following tools would best meet his needs?
Proxy server
Content filter
Malware filter
Caching server
Evelyn is preparing a training program that will provide cybersecurity advice to users who often travel internationally. Which of the following topics requires special training to ensure that users do not run afoul of U.S. export control laws?
Encryption software
Content filtering
Firewall rules
Phishing simulations
Skip needs to transfer files from his PC to a remote server. What protocol should he use instead of FTP?
SCP
SSH
HTTP
Telnet
Ben's New York–based commercial web service collects personal information from California residents. What does the California Online Privacy Protection Act require Ben to do to be compliant?
Ben must encrypt all personal data he receives.
Ben must comply with the EU GDPR.
Ben must have a conspicuously posted privacy policy on his site.
Ben must provide notice and choice for users of his website.
Grayson is reviewing his organization's password policies and would like to follow modern best practices. What is the recommended expiration period for passwords?
30 days
90 days
180 days
None
A consortium of colleges and universities recently worked to integrate their authentication systems so that students registered at one institution may use their credentials to access services at other institutions. What term best describes this arrangement?
Federation
Identity proofing
Enrollment
Provisioning
Olivia is selecting a new biometric authentication technology and is considering purchasing iris scanners. What advantage do iris scans have over most other types of biometric factors?
Iris scanners are harder to deceive.
Irises don't change as much as other factors.
Iris scanners are cheaper than other factors.
Iris scans cannot be easily replicated.
Matthew, Richard, and Christopher would like to exchange messages with each other using symmetric cryptography. They want to ensure that each individual can privately send a message to another individual without the third person being able to read the message. How many keys do they need?
1
2
3
6
Colleen is responsible for protecting credit card numbers as part of her organization's efforts to comply with PCI DSS. She would like to select an appropriate control to protect those numbers while in transit over the network. Which of the following controls would best meet this need?
FDE
SSL
TPM
TLS
Joe is concerned about the confidentiality of email messages as they are transiting the internet from his organization's servers to their final destination. What is the best way that Joe can ensure email confidentiality in motion?
Use TLS between the client and server.
Use SSL between the client and server.
Encrypt the email content.
Use a digital signature.
Brenda is analyzing the web server logs after a successful compromise of her organization's web-based order processing application. She finds an entry in the log file showing that a user entered the following information as his last name when placing an order:
Smith';DROP TABLE orders;--
What type of attack was attempted?
Buffer overflow
Cross-site scripting
Cross-site request forgery
SQL injection
Hannah's organization is implementing a new approach to user authentication that relies upon SAML. She would like to protect against eavesdropping on this traffic and also ensure that SAML traffic is not forged by an attacker. What should she do to protect against both types of attack?
Use SAML's secure mode to provide secure authentication.
Implement TLS using a strong cipher suite, which will protect against both types of attacks.
Implement TLS using a strong cipher suite and use digital signatures.
Implement TLS using a strong cipher suite and message hashing.
What is the goal of the BCP process?
RTO < MTD
MTD < RTO
RPO < MTD
MTD < RPO
During which phase of the incident response process would administrators design new security controls intended to prevent a recurrence of the incident?
Reporting
Recovery
Remediation
Lessons learned
Bethany received an email from one of her colleagues with an unusual attachment named smime.p7s. She does not recognize the attachment and is unsure what to do. What is the most likely scenario?
This is an encrypted email message.
This is a phishing attack.
This is embedded malware.
This is a spoofing attack.
For questions 112–114, please refer to the following scenario:
Kim is the database security administrator for Aircraft Systems, Inc. (ASI). ASI is a military contractor engaged in the design and analysis of aircraft avionics systems and regularly handles classified information on behalf of the government and other government contractors. Kim is concerned about ensuring the security of information stored in ASI databases.
Kim's database is a multilevel security database, and different ASI employees have different security clearances. The database contains information on the location of military aircraft containing ASI systems to allow ASI staff to monitor those systems.
Kim learned that the military is planning a classified mission that involves some ASI aircraft. She is concerned that employees not cleared for the mission may learn of it by noticing the movement of many aircraft to the region. Individual employees are cleared to know about the movement of an individual aircraft, but they are not cleared to know about the overall mission. What type of attack is Kim concerned about?
Aggregation
SQL injection
Inference
Multilevel security
What technique can Kim employ to prevent employees not cleared for the mission from learning the true location of the aircraft?
Input validation
Polyinstantiation
Parameterization
Server-side validation
Kim's database uniquely identifies aircraft by using their tail number. Which one of the following terms would not necessarily accurately describe the tail number?
Database field
Foreign key
Primary key
Candidate key
Kim would like to create a key that enforces referential integrity for the database. What type of key does she need to create?
Primary key
Foreign key
Candidate key
Master key
Doug is choosing a software development lifecycle model for use in a project he is leading to develop a new business application. He has clearly defined requirements and would like to choose an approach that places an early emphasis on developing comprehensive documentation. He does not have a need for the production of rapid prototypes or iterative improvement. Which model is most appropriate for this scenario?
Agile
Waterfall
Spiral
DevOps
Which individual bears the ultimate responsibility for data protection tasks?
Data owner
Data custodian
User
Auditor
Carla is conducting a web application security test and would like to automatically generate input that is used to test the application. Which of the following tools would be best suited for this purpose?
Static application testing tool
White-box testing tool
Brute-force testing tool
Fuzz testing tool
Warren's organization recently completed a massive phishing awareness campaign, and he would like to measure its effectiveness. Which of the following tools would best provide this measurement?
Survey
Simulation
Code review
Third-party assessment
Which one of the following controls would be most effective in detecting zero-day attack attempts?
Signature-based intrusion detection
Anomaly-based intrusion detection
Strong patch management
Full-disk encryption
Which one of the following is not a canon of the (ISC)² Code of Ethics?
Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Promptly report security vulnerabilities to relevant authorities.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Which one of the following components should be included in an organization's emergency response guidelines?
Secondary response procedures for incident responders
Long-term business continuity protocols
Activation procedures for the organization's cold sites
Contact information for ordering equipment
When Jim enters his organization's data center, he has to use a smart card and code to enter and is allowed through one set of doors. The first set of doors closes, and he must then use his card again to get through a second set, which locks behind him. What type of control is this, and what is it called?
A physical control; a one-way trapdoor
A logical control; a dual-swipe authorization
A directive control; a one-way access corridor
A preventive access control; a mantrap
Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many disks may fail without the loss of data?
0
1
2
3
Match the following numbered Service Organization Control (SOC) levels to their matching lettered SOC report descriptions:
SOC levels
SOC 1, Type 1
SOC 1, Type 2
SOC 2
SOC 3
SOC report descriptions
A general use report that reports on controls related to compliance and/or operations
A report that provides predefined, standard benchmarks for controls involving confidentiality, availability, integrity, and privacy of a system and the information it contains, generally for restricted use
A report that provides an assessment of the risk of material misstatement of financial statement assertions affected by the service organization's processing and that includes a description of the service auditor's tests of the controls and the results of the tests and their effectiveness
A report that provides the auditor's opinions of financial statements about controls at the service organization and that includes a report on the opinion on the presentation of the service organization's system as well as suitability of the controls