Answers to Practice Exam II

1. D

2. D

3. B

4. A

5. D

6. B

7. C

8. A

9. A

10. B

11. B

12. D

13. B

14. C

15. B

16. A

17. D

18. B

19. B

20. C

21. C

22. D

23. C

24. B

25. C

26. D

27. C

28. D

29. C

30. B

31. B

32. D

33. A

34. C

35. A

36. B

37. C

38. B

39. B

40. C

41. A

42. A

43. C

44. B

45. D

46. A

47. B

48. D

49. B

50. D

51. A

52. A

53. C

54. C

55. C

56. D

57. D

58. B

59. B

60. A

Question 1

The correct answer is D. A fence will not prevent a determined intruder. Although fences can deter an intruder, a determined individual could drive through the fence, cut the fence, blow up the fence, and so on. The best design to deter a determined intruder is 8 feet high with three strands of barbed/razor wire. Chapter 3

Question 2

The correct answer is D. Class D fires result from combustible metals. All other answers are incorrect: Class A fires consist of wood and paper products, Class B fires consist of liquids such as petroleum, and Class C fires are electrical fires. Chapter 3

Question 3

The correct answer is B. Defense in depth can be presented in many ways. It can be layers of the same control or different controls. The outer layer is physical/preventative/deterrent, the second layer is technical/preventative/detective, the third layer is administrative/preventative. When facing this type of question, always identify which type of control you are dealing with: physical, administrative, or technical. Then determine the purpose of the control: detective, preventive, corrective, etc. Chapter 4

Question 4

The correct answer is A. Magnetic strip card keys contain rows of copper strips. Answers B, C, and D are incorrect: electronic circuit card keys have embedded electronic circuits, magnetic stripe card keys have a stripe of magnetic material, and active electronic cards can transmit data. Chapter 8

Question 5

The correct answer is D. Hard-drive encryption offers the best defense against the loss of confidentiality. Answer A is incorrect because integrity programs validate the integrity of installed software but do not validate its confidentiality. Answer B is incorrect; reward labels might or might not encourage someone to return equipment but, again, will not protect its confidentiality. Answer C is incorrect because locking cables might prevent someone from removing a laptop but won’t prevent someone from accessing data on the device. Chapter 2

Question 6

The correct answer is B. If halon is deployed in concentrations of greater than 10% and in temperatures of 900° F or more, it degrades into hydrogen fluoride, hydrogen bromide, and bromine. This toxic brew can be deadly. Answers A, C, and D are incorrect because concentrations must be 10% or greater and temperatures must reach 900° F. Chapter 3

Question 7

The correct answer is C. The NIST standard for perimeter protection using lighting is that critical areas should be illuminated with 2 candle-feet of illuminance at a height of 8 feet. Answers A, B, and D do not match the NIST standards. Chapter 3

Question 8

The correct answer is A. A Type I error occurs when a biometric system denies an authorized individual access. Answer B is incorrect because a Type II error occurs when an unauthorized individual is granted access. Answers C and D are incorrect because Type III and IV errors do not exist. Chapter 8

Question 9

The correct answer is A. When comparing biometric systems, the most important item to consider is the crossover error rate (CER). The CER is the point at which the false acceptance rate meets the false rejection rate. The CER relates to the accuracy of the biometric system. Answers B, C, and D are not correct because there are no biometric measurements known as error acceptance rate, crossover acceptance rate, or failure acceptance rate. Chapter 8
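
The two error types from Question 8 and the crossover error rate from Question 9 are easiest to see on actual numbers. The following is an added example, not part of the exam text: it sweeps every possible acceptance threshold over two constructed sets of match scores and reports the threshold at which the false acceptance rate (Type II) and false rejection rate (Type I) meet. The score values, the second "better" matcher and the accept-if-score-at-or-above-threshold rule are all assumptions made for the demonstration.

```python
"""Crossover error rate (CER) computed from constructed biometric match scores.

Added example, not from the exam text. Each value below is the similarity
score a hypothetical matcher produced for one attempt; higher means closer.
"""

# Enrolled users matched against their own template (constructed).
GENUINE = [0.95, 0.90, 0.85, 0.80, 0.75, 0.70, 0.62, 0.58, 0.50, 0.40]
# Other people matched against that template (constructed).
IMPOSTOR = [0.10, 0.15, 0.20, 0.30, 0.35, 0.40, 0.50, 0.55, 0.60, 0.70]

# A second matcher with better separation between the two populations
# (constructed) so the two systems can be compared by CER.
GENUINE_B = [0.95, 0.90, 0.88, 0.85, 0.80, 0.78, 0.75, 0.72, 0.70, 0.70]
IMPOSTOR_B = [0.10, 0.20, 0.25, 0.30, 0.35, 0.40, 0.42, 0.45, 0.48, 0.50]


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR) when a score >= threshold is accepted.

    FAR, false acceptance (Type II error): impostors who are let in.
    FRR, false rejection (Type I error): legitimate users who are denied.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover_error_rate(genuine, impostor):
    """Sweep every candidate threshold and return (threshold, CER).

    The CER is the error rate at the threshold where FAR and FRR meet.
    If no threshold makes them exactly equal, the closest pair is used
    and their mean is reported.
    """
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = error_rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, (far + frr) / 2


def better_system():
    """Name the matcher with the lower CER: lower CER means higher accuracy."""
    cer_a = crossover_error_rate(GENUINE, IMPOSTOR)[1]
    cer_b = crossover_error_rate(GENUINE_B, IMPOSTOR_B)[1]
    return "B" if cer_b < cer_a else "A"


if __name__ == "__main__":
    for name, g, i in (("A", GENUINE, IMPOSTOR), ("B", GENUINE_B, IMPOSTOR_B)):
        print(name, "threshold/CER:", crossover_error_rate(g, i))
    print("more accurate system:", better_system())
```

Raising the threshold lowers FAR and raises FRR; lowering it does the reverse. Comparing two systems at an arbitrary threshold therefore says little, which is why the crossover point is the figure quoted.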

Question 10

The correct answer is B. RSA’s SecurID is an example of synchronous authentication. RSA SecurID devices or tokens use a one-time password that uses a clock that synchronizes the authenticator to the authentication server during the authentication process. Each individual passcode is valid for only a very short period, normally 60 seconds or less, and is used with a user name and password for two-factor authentication. Answer A is incorrect because RSA’s SecurID might be part of an SSO system, but this is not an accurate answer. Answer C is incorrect because although the RSA’s SecurID fob itself might be considered a token, it is not the best answer available out of the four to choose from. Answer D is incorrect because asynchronous authentication devices are not synchronized to the authentication server. These devices use a challenge-response mechanism. Chapter 8

Question 11

The correct answer is B. LEAP is considered a weak version of EAP. It makes use of a modified version of CHAP and as such does not adequately protect the authentication process. Answers A, C, and D would all be examples of strong versions of EAP. These stronger options include EAP-FAST, PEAP, or EAP-TLS. Chapter 7

Question 12

The correct answer is D. Single sign-on (SSO) offers the attacker potential access to many systems tied to SSO when authenticated only once. Answer A is incorrect because SSO can be breached and then offers the intruder access to all systems; SSO does not require much more maintenance and overhead. Answer B is incorrect because although SSO systems such as Kerberos do require clock synchronization, this is not the overriding security issue. Answer C is incorrect because all systems have some type of flaw or drawback. Chapter 8

Question 13

The correct answer is B. Snort started as a signature-based IDS system. Today, Snort has grown to include behavior-based features. A signature-based system examines data to check for malicious content. When data is found that matches one of these known signatures, it can be flagged to initiate further action. Answer A is incorrect because Snort is not a behavior-based IPS system. Answer C is incorrect because Snort is not a behavior-based IDS system. Answer D is incorrect because although Snort is signature-based, it is considered an IDS system, not an IPS system. IPS systems are unlike IDS systems in that IPS systems have much greater response capabilities and allow administrators to initiate action upon being alerted. Chapter 8

Question 14

The correct answer is C. Asynchronous attacks are sometimes called race conditions because the attacker is racing to make a change to the object after it has been checked but before it has been used by the system. Asynchronous attacks typically target timing. The objective is to exploit the delay between the time of check (TOC) and the time of use (TOU). Answers A, B, and D are incorrect because they do not adequately describe a race condition. Chapter 5
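
The TOC/TOU gap described above is concrete when the object is a file path. The following added example is not part of the exam text: it contrasts a check-then-use reader, whose `lstat()` and `open()` are separate system calls, with a reader that opens first and validates the descriptor it actually got. The temporary directory, file names, contents and the `between` hook (which stands in for another process acting inside the window) are all constructed for the demonstration.

```python
"""Time-of-check/time-of-use (TOCTOU) on a file path: the racy pattern
versus a reader that checks the object it actually opened.

Added example, not from the exam text. Directory, file names, contents and
the `between` hook are constructed for the demonstration.
"""
import os
import stat
import tempfile


def read_regular_file_racy(path, between=None):
    """Check-then-use: the lstat() check and the open() are separate system
    calls, so what `path` names can change in between. `between` stands in
    for another process acting inside that window."""
    if not stat.S_ISREG(os.lstat(path).st_mode):  # time of check
        raise PermissionError(f"{path}: not a regular file")
    if between is not None:
        between()
    with open(path, "rb") as fh:  # time of use: open() follows symlinks
        return fh.read()


def read_regular_file_safe(path):
    """Open first, refusing to follow a symlink, then validate the open
    descriptor with fstat(). Check and use refer to the same object, so
    there is no window between them."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # raises on a symlink
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError(f"{path}: not a regular file")
        with os.fdopen(fd, "rb") as fh:
            fd = -1  # fdopen now owns the descriptor
            return fh.read()
    finally:
        if fd != -1:
            os.close(fd)


def demo():
    """Constructed scenario: 'report.txt' may be read, 'payroll.txt' may not.
    Returns what each reader produced once the allowed name was swapped
    for a symlink during the check/use window."""
    with tempfile.TemporaryDirectory() as d:
        report = os.path.join(d, "report.txt")
        payroll = os.path.join(d, "payroll.txt")
        with open(report, "wb") as fh:
            fh.write(b"quarterly figures")
        with open(payroll, "wb") as fh:
            fh.write(b"salary table")

        def swap_name_for_symlink():
            os.remove(report)
            os.symlink(payroll, report)

        results = {
            "racy": read_regular_file_racy(report, between=swap_name_for_symlink)
        }
        try:  # report.txt is now a symlink; the safe reader must refuse it
            read_regular_file_safe(report)
            results["safe_on_symlink"] = "opened"
        except OSError:
            results["safe_on_symlink"] = "refused"
        os.remove(report)
        with open(report, "wb") as fh:
            fh.write(b"quarterly figures")
        results["safe_on_regular"] = read_regular_file_safe(report)
        return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

The racy reader passes its check and then reads the wrong file; the safe reader never separates the check from the use, which is the general fix for this class of bug: validate the handle you hold, not the name you looked up.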

Question 15

The correct answer is B. Rings of protection run from ring 0 to ring 3. Ring 2 is the location of I/O drivers and utilities. Answers A, C, and D are incorrect because ring 1 contains parts of the OS that do not reside in the kernel, ring 3 contains applications and programs, and ring 0 is the location of the security kernel. Chapter 5

Question 16

The correct answer is A. Multiprogramming CPUs can interleave two or more programs for execution at any one time. Answer B is incorrect because multitasking CPUs have the capability to perform one or more tasks or subtasks at a time. Answer C is incorrect because there is no type of processor known as multiapp. Answer D is incorrect because the term multiprocessor refers to systems that have the capability to support more than one CPU. Chapter 5

Question 17

The correct answer is D. The ALU portion of the CPU performs arithmetic and logical operations on the binary data. Answers A, B, and C are incorrect because I/O buffers, registers, and the control circuits do not perform arithmetic and logical operations. Chapter 5

Question 18

The correct answer is B. The Biba model is integrity-based and will not allow a subject to write to a higher security level or read from a lower security level. Answer A is the Bell-LaPadula model and is based on confidentiality. Answer C, the State Machine model, seeks to see if one state is valid before moving to another. Answer D, the Clark-Wilson model, is an integrity model and is designed to address all goals of integrity. Chapter 5

Question 19

The correct answer is B. The Orange Book’s official name is the Trusted Computer System Evaluation Criteria (TCSEC). It was developed to evaluate standalone systems for confidentiality. Answer A is incorrect because the Red Book was developed to evaluate integrity and availability. It is also known as Trusted Network Interpretation (TNI). Answer C is incorrect because Common Criteria is a combined version of TCSEC, ITSEC, and the CTCPEC. Answer D is incorrect because the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) is the Canadian version of the Orange Book. Chapter 5

Question 20

The correct answer is C. The Orange Book rates systems as one of four categories. Category A is verified protection, B is mandatory protection, C is discretionary protection, and D is minimal protection. B1 is the first level in which labels are required. Therefore, answers A, B, and D are incorrect. Chapter 5

Question 21

The correct answer is C. The Trusted Computer Base (TCB) is the totality of protection mechanisms within a computer system. This includes hardware, firmware, software, processes, and some inter-process communications. These items are responsible for enforcing security. Answer A is incorrect because rings of protection are designed to protect the operating system. Answer B is incorrect because the security kernel is the most trusted portion of the operating system. Answer D is incorrect because although resource isolation is an important part of implementing security, it is not the totality of protection mechanisms. Chapter 5

Question 22

The correct answer is D. Session Initiation Protocol (SIP) is an application-layer request-response protocol used for VoIP. SIP is transported by UDP, makes use of TCP, and is vulnerable to sniffing attacks. More details can be found in RFC 2543. Answer A is incorrect because there is no protocol SKYP; the proprietary protocol named Skype offers encryption and is used for a peer-to-peer Internet phone service. Answer B is incorrect because SLIP is used by ISPs for dialup connections. Answer C is incorrect because S/MIME is used to secure email. Chapter 7

Question 23

The correct answer is C. 802.11b uses direct sequence spread spectrum (DSSS) technology. DSSS is a transmission method that transmits the data along with a chipping bit to increase the signal’s resistance to interference. Answer A is incorrect because Bluetooth uses frequency-hopping spread spectrum. Answer B is incorrect because 802.11a uses orthogonal frequency-division multiplexing. Answer D is incorrect because 802.11ac uses MIMO-OFDM. Chapter 7

Question 24

The correct answer is B. A rogue AP is an unauthorized AP attached to the corporate network. These unauthorized APs represent one of the biggest threats to any secure network. Answer A is incorrect because a connection to an unauthorized modem is not a valid answer. Answer C is incorrect because attaching a modem is not the definition of a rogue AP. Answer D is incorrect because connecting to an unsecured network is not a rogue AP but might be considered an act of war driving. Chapter 7

Question 25

The correct answer is C. Pulse code modulation (PCM) is used to digitize voice with 8 bits of sampling 8,000 times per second, which yields 64Kbps for one DS0 channel. Answers A, B, and D are incorrect because 28.8Kbps, 56Kbps, and 128Kbps are not the rates of transmission for one DS0 channel. Chapter 7

Question 26

The correct answer is D. T1s use time division to break the individual DS0s into 24 separate channels. Time division is the allotment of available bandwidth based on time. It allows the T1 to carry both voice and data at the same time. Answer A is incorrect because there is no system known as channel division. Answer B is incorrect because FHSS is used by mobile devices. Answer C is incorrect because T1s do not use frequency division. Chapter 7

Question 27

The correct answer is C. The disaster recovery plan (DRP) focuses on how to repair and restore the data center and information at an original or new primary site. Answer A is incorrect because the business continuity plan (BCP) is focused on the continuation of critical services. Answer B is incorrect because business continuity management (BCM) is about building a framework for a capable response. Answer D is incorrect because a business impact analysis (BIA) is the functional analysis used to identify the potential impact if an outage occurred. Chapter 12

Question 28

The correct answer is D. Software escrow agreements are used to provide protection for source code in case the manufacturer declares bankruptcy or goes broke. The three items that are most critical in this agreement are where the code will be deposited, under what conditions the code will be released, and the terms of use of the source code upon its release to the user. Answer A is incorrect because government access to keys deals with the government’s desire to maintain cryptographic keys used by industry. Answer B is incorrect because mutually assured destruction (MAD) is a term not associated with software protection. Answer C is incorrect because electronic vaulting is a term that describes the bulk transfer of data. Chapter 12

Question 29

The correct answer is C. The Safe Harbor Act describes the cooperative effort between the United States and Europe to exchange information about European citizens between European firms and North American parent corporations. It was enacted because of the large numbers of individuals who have been victims of identity theft and because of the increase of misuses of personal information laws and agreements. Answer A is incorrect because although SB 168 deals with privacy, it is a state law that took effect in 2002, preventing businesses from using California residents’ Social Security numbers as unique identifiers. Answer B is incorrect because there is no law known as the Demar Act. Answer D is incorrect because the name of the act is not Safety Shield. Chapter 4

Question 30

The correct answer is B. A bit copy, or physical copy, captures all the data on the copied medium and reproduces an exact copy that includes hidden and residual data, slack space, swap contents, deleted files, and other data remnants. This allows the examiner to perform an analysis of the copy and store the original. Answer A is incorrect because a logical copy will not completely duplicate the structure of the original media. Answer C is incorrect because Microsoft backup is not an approved product for forensic analysis. Answer D is incorrect because although Xcopy can duplicate files, it does not provide a bit-level copy of the original medium. Chapter 9

Question 31

The correct answer is B. Secure Electronic Transaction (SET) was developed by MasterCard and Visa to be used on the Internet for credit card transactions. It uses digital signatures. Answer A is incorrect because SET is not used for digital signatures. Answer C is incorrect because SET is not used for key exchange, and Victor Miller and Neal Koblitz are the creators of ECC. Answer D is incorrect because SET does not use SSL. Chapter 6

Question 32

The correct answer is D. Knowledge Discovery in Databases (KDD) is an artificial intelligence method used to identify useful patterns in data; as such, it provides a type of automatic analysis. Answer A is incorrect because polyinstantiation is a technique used to prevent inference violations. Answer B is incorrect because known signature scanning is a method used to detect computer viruses. Answer C is incorrect because the application programming interface (API) is in no way associated with artificial intelligence. Chapter 11

Question 33

The correct answer is A. Although RFC 1035 does allow DNS lookups over TCP, this service is used only when lookups are greater than 512 bytes; typically UDP 53 is used. Answers B, C, and D are incorrect because UDP 69 is used for TFTP, TCP 53 is used for zone transfers, and UDP 161 is used for SNMP. Chapter 7

Question 34

The correct answer is C. Running an MD5sum would be the best way for Bob to verify the program. MD5sum is a hashing algorithm. Answer A is incorrect because AES is a symmetric algorithm and will not help Bob verify the program. Answer B is incorrect because the size and date might match the information found on the developer’s website, but the program might have still been altered. Answer D is incorrect because a digital signature will not verify the integrity of the program. Chapter 6
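
The following added example, not part of the exam text, shows the verification Bob would perform and why the size-and-date comparison in answer B is not enough: two constructed files that differ by a single bit have identical size and modification time but different digests. The file names, contents and the "published" digest are constructed here; MD5 is used because the exam answer names it, and the same functions accept `"sha256"`, which is what current practice expects.

```python
"""Verifying a downloaded program against a published hash.

Added example, not from the exam text. Files, contents and the 'published'
digest are constructed; in practice the digest comes from the developer.
"""
import hashlib
import hmac
import os
import tempfile


def digest_bytes(data, algorithm="md5"):
    """Hex digest of an in-memory byte string."""
    return hashlib.new(algorithm, data).hexdigest()


def file_digest(path, algorithm="md5", chunk_size=64 * 1024):
    """Hash a file in chunks so large downloads need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hex, algorithm="md5"):
    """True only if the file hashes to the published value."""
    return hmac.compare_digest(
        file_digest(path, algorithm), published_hex.strip().lower()
    )


def demo():
    """Two files with identical size and modification time differ by one
    bit; only the hash tells them apart."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "setup.bin")
        altered = os.path.join(d, "setup_altered.bin")
        payload = bytearray(b"SETUP v1.0\n" + bytes(1024))  # constructed
        with open(original, "wb") as fh:
            fh.write(payload)
        payload[512] ^= 0x01  # flip one bit; length unchanged
        with open(altered, "wb") as fh:
            fh.write(payload)
        ns = os.stat(original).st_mtime_ns
        os.utime(altered, ns=(ns, ns))  # make the dates match too
        published = file_digest(original)  # what the developer would post
        return {
            "same_size": os.path.getsize(original) == os.path.getsize(altered),
            "same_date": os.stat(original).st_mtime_ns
            == os.stat(altered).st_mtime_ns,
            "original_verifies": verify_download(original, published),
            "altered_verifies": verify_download(altered, published),
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

The published digest must itself reach Bob over a channel the download did not use (for example a separately hosted or signed checksum file); a digest served alongside a modified binary can simply be modified with it.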

Question 35

The correct answer is A. IMAP is associated with email, but it is not an email security standard; it is a protocol for receiving email that excels over POP3 when working with mail on multiple devices/clients because it leaves a copy on the server. Although answers B, C, and D are all incorrect, they do specify valid email security standards: MIME Object Security Services (MOSS), Pretty Good Privacy (PGP), and Privacy Enhanced Email (PEM). Chapter 6

Question 36

The correct answer is B. With link encryption, the message is decrypted and re-encrypted as it passes through each successive node using a key common to the two nodes. Answers A, C, and D are incorrect because they all describe end-to-end encryption. Chapter 6

Question 37

The correct answer is C. Diameter uses RADIUS as a base and is considered the next generation of authentication, authorization, and accounting services for the Internet with over 16 million attribute variable pair (AVP) tags for negotiation. Answer A is incorrect because TACACS is not considered a base for Diameter. Answer B is incorrect because TACACS+ is a Cisco protocol but is widely used. Answer D is incorrect because Kerberos is not associated with Diameter but is considered a single sign-on technology. Chapter 8

Question 38

The correct answer is B. Programmers involved in database management talk about the ACID test when discussing whether a database management system has been properly designed to handle transactions. The ACID test addresses atomicity, consistency, isolation, and durability. Answer A is incorrect because the ACID test does not deal with behavior-based IDS systems. Answer C is incorrect because ACID is not related to signature-based IDS systems. Answer D is incorrect because the ACID test is not related to the strength of a cryptographic function. Chapter 11

Question 39

The correct answer is B. Redundant Array of Inexpensive Tape (RAIT) is used to back up systems by means of a tape array that stripes the data across the tape. Answer A is incorrect because RAID is not typically used for backup. Answer C is incorrect because JBOD (Just a Bunch of Disks) offers no backup or fault tolerance. Answer D is incorrect because MAID (Massive Array of Inactive Disks) is not a type of tape backup. Chapter 10

Question 40

The correct answer is C. RC4 is a stream cipher. It has been implemented in products such as SSL and WEP. Answer A is incorrect because DES is a block cipher with a 56-bit key size. Answer B is incorrect because Skipjack is a block cipher with a default 80-bit key size. Answer D is incorrect because Twofish is a 256-bit key size block cipher. Chapter 6

Question 41

The correct answer is A. Electronic Code Book (ECB) is fast and simple but is also the weakest mode of DES. Answer B is incorrect because Cipher Block Chaining (CBC) is not the weakest mode of DES. Answer C is incorrect because Cipher Feedback (CFB) is more secure than ECB and OFB. Answer D is incorrect because Output Feedback (OFB) is not the weakest, but it can’t detect integrity errors as well as CFB. Chapter 6
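
Why ECB is the weakest mode is visible in the ciphertext itself. The following added example, not part of the exam text, runs ECB and CBC over a message containing a repeated block: ECB produces the same ciphertext block every time the plaintext block repeats, CBC does not. The block cipher is a small Feistel network built on HMAC-SHA256, constructed here as a stand-in for DES (it is not DES), and `KEY`, `IV` and `MESSAGE` are constructed constants; a real CBC IV must be fresh and unpredictable per message.

```python
"""ECB versus CBC on a toy 64-bit block cipher.

Added example, not from the exam text. The cipher is a 4-round Feistel
network with an HMAC-SHA256 round function, constructed purely to show
mode behaviour; it stands in for DES and is not DES.
"""
import hashlib
import hmac

BLOCK = 8  # bytes, the DES block size
KEY = b"constructed-demo-key"   # constructed
IV = bytes(range(BLOCK))        # constructed; use a random IV in practice


def _f(key, rnd, half):
    """Round function: 4 bytes in, 4 bytes out, keyed and round-dependent."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in range(4):  # (L, R) -> (R, L xor f(R))
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):  # undo each round in reverse order
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("demo expects whole blocks (no padding)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    """Each block encrypted independently: equal plaintext blocks give
    equal ciphertext blocks, so structure leaks through the ciphertext."""
    return b"".join(encrypt_block(key, p) for p in _blocks(plaintext))


def ecb_decrypt(key, ciphertext):
    return b"".join(decrypt_block(key, c) for c in _blocks(ciphertext))


def cbc_encrypt(key, iv, plaintext):
    """Each block is XORed with the previous ciphertext block before
    encryption, so repeated plaintext blocks no longer repeat."""
    out, prev = [], iv
    for p in _blocks(plaintext):
        prev = encrypt_block(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def distinct_block_count(data):
    """How many different blocks appear: 1 means every block is identical."""
    return len(set(_blocks(data)))


# Constructed message whose blocks repeat, the pattern ECB cannot hide.
MESSAGE = b"PAY $100" * 4

if __name__ == "__main__":
    print("plaintext distinct blocks:", distinct_block_count(MESSAGE))
    print("ECB distinct blocks:", distinct_block_count(ecb_encrypt(KEY, MESSAGE)))
    print("CBC distinct blocks:", distinct_block_count(cbc_encrypt(KEY, IV, MESSAGE)))
```

The same effect is what makes ECB-encrypted images still show their outline: any block that repeats in the plaintext repeats in the ciphertext, and an observer can count, compare or swap blocks without knowing the key.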

Question 42

The correct answer is A. The statement “access and use of the Internet is a privilege and should be treated as such by all users” is part of RFC 1087, which is titled “Ethics and the Internet”. Answer B is incorrect because the statement is not part of the ISC2 Code of Ethics. Answer C is incorrect because the statement is not part of the Ten Commandments of Computer Ethics. Answer D is incorrect because RFC 1109 addresses network management, not ethics. Chapter 4

Question 43

The correct answer is C. The waterfall method is the oldest and one of the most well-known methods for developing software systems. It was developed in the 1970s and is divided into phases. Each phase contains a list of activities that must be performed before the next phase can begin. Answer A is incorrect because the spiral model is a combination of the waterfall and prototyping methods. Answer B is incorrect because the clean room software development method focuses on ways to prevent defects rather than ways to remove them. Answer D is incorrect because prototyping was developed in the 1980s to overcome weaknesses in the waterfall method. It is a four-step process: develop an initial concept, design and implement an initial prototype, refine the prototype until it is acceptable, and then complete and release the final version of the software. Chapter 11

Question 44

The correct answer is B. A multipartite virus can infect both boot sectors and program files. Answer A is incorrect because file infector viruses infect files. Answer C is incorrect because a polymorphic virus is one that has the capability to change. Answer D is incorrect because system infector viruses infect system files. Chapter 9

Question 45

The correct answer is D. HTTPS uses TCP and port 443. Answer A is incorrect because port 80 is used for HTTP, answer B is incorrect because port 110 is used for POP3, and answer C is incorrect because port 111 is for network file service. Chapter 7

Question 46

The correct answer is A. Hierarchical databases link records in a tree structure so that each record type has only one owner. Hierarchical databases date from the information management systems of the 1950s and 1960s. Answer B is incorrect because network databases were not the first. Answer C is incorrect because although relational databases are the most widely used, they were not the first. Answer D is incorrect because they were not the first but were designed to overcome some of the limitations of relational databases. Chapter 11

Question 47

The correct answer is B. IEEE divides the OSI data link layer into sublayers. The upper half is the Logical Link Control (LLC) layer and the lower half is the Media Access Control (MAC) layer. The LLC is based on HDLC; the MAC is where 802.3 addressing is performed. Answers A, C, and D are incorrect because none of these terms matches the proper definition of the sublayers of the data link layer. Chapter 7

Question 48

The correct answer is D. An access control matrix is used to associate the relationship and rights of subjects and objects. Answer A is incorrect because MAC uses security labels on objects and clearances for subjects. Answer B is incorrect because RBAC would be based on roles and containers, not users. Answer C is incorrect because LBAC is based on the interaction between any combination of objects and subjects. LBAC provides upper and lower limits for a user. Chapter 8

Question 49

The correct answer is B. Subjects are the active entity, objects are the passive entity. A subject does not have to be a person; it can be an application. However, in this scenario the subject—the active entity—is the list of names. Answers A, C, and D are not the correct answers because these are not the definition of a subject and object. It’s important that anyone preparing for the exam become intimately familiar with the CBK terminology. Chapter 8

Question 50

The correct answer is D. A service set ID (SSID) is used to identify 802.11 networks. The SSID is a 32-bit character string that acts as a shared identifier and that some describe as a very weak password. The SSID is used to differentiate one WLAN from another. Answer A is incorrect because a security ID (SID) is an identifier used in conjunction with Microsoft domains. Answer B is incorrect because a broadcast name is not the means of identifying a WLAN. Answer C is incorrect because Kismet is a Linux software program used to sniff wireless traffic. Chapter 7

Question 51

The correct answer is A. British standard 7799 formed the underpinnings of the later-developed ISO 17799. This document is considered the code of practice for information security management. Answers B, C, and D are incorrect because the Canadian Trusted Computer Product Evaluation Criteria, Information Technology Security Evaluation Criteria, and Trusted Computer System Evaluation Criteria did not form the underpinnings of the later-developed ISO 17799. Chapter 5

Question 52

The correct answer is A. An evaluation that is carried out and meets an evaluation assurance level (EAL) of 1 specifies that the design has been functionally tested. Answers B, C, and D are incorrect because EAL 2 = structurally tested; EAL 4 = methodically designed, tested, and reviewed; and EAL 5 = semi-formally designed and tested. Chapter 5

Question 53

The correct answer is C. Clark-Wilson does not provide for the confidentiality of the information; Clark-Wilson deals with all three goals of integrity. Answers A, B, and D are all incorrect because the question asks which aspect Clark-Wilson does not address. Chapter 5

Question 54

The correct answer is C. The data custodian is responsible for maintaining and protecting the company’s assets and data on a macro level. Answer A is incorrect because the user is the individual who uses the documentation. Answer B is incorrect because the data owner is responsible for protecting the data. Answer D is incorrect because the auditor makes periodic reviews of the documentation and verifies that it is complete and that users are following its guidelines. Chapter 2

Question 55

The correct answer is C. Single loss expectancy (SLE) × Annualized rate of occurrence (ARO) is the formula used to determine ALE. Answers A, B, and D are incorrect because they are not the formulas used to calculate ALE. Chapter 4

Question 56

The correct answer is D. A qualitative assessment ranks the seriousness of threats and sensitivity of assets into grades or classes, such as low, medium, and high. It is performed by experts or external consultants and is based on risk scenarios. Although purely quantitative risk assessment is not possible, purely qualitative risk analysis is. Answers A, B, and C are incorrect because they do not adequately describe qualitative risk assessment. Chapter 4

Question 57

The correct answer is D. The facilitated risk-assessment process (FRAP) is an example of a qualitative assessment technique. It is not used for BCP, quantitative assessment, or DRP; therefore, answers A, B, and C are incorrect. Chapter 4

Question 58

The correct answer is B. The U.S. Department of Defense data classification standard classifies data as unclassified, sensitive, confidential, secret, and top secret. Answer A is incorrect because ISO 17799 is an international security standard policy. Answer C is incorrect because RFC 2196 is the site security handbook and does not address data-classification standards. Answer D is incorrect because there is no CDCS standard. Chapter 2

Question 59

The correct answer is B. Risk rejection is the least acceptable course of action because individuals have decided that risk does not exist and are ignoring it. Answer A is incorrect because risk reduction occurs when a countermeasure is implemented to alter or reduce the risk. Answer C is incorrect because risk transference transfers the risk to a third party. Answer D is incorrect because risk acceptance means that the risk is analyzed, but the individuals responsible have decided that they will accept such risk. Chapter 4

Question 60

The correct answer is A. Risk management requires that vulnerabilities be examined, that loss expectancy be calculated, that a probability of occurrence be determined, and that the costs of countermeasures be estimated. Only then can it be determined whether the value of the asset outweighs the cost of protection. It is possible that the cost of protection outweighs the value of the asset. Whereas some risk assessments use dollar amounts (quantitative) to value the assets, others use ratings (qualitative) based on breaches of confidentiality, integrity, and availability to measure value. Chapter 4
