Appendix A

Practice CISSP Exam

If you’ve never taken a certification exam, you may be wondering what the exam will be like. The CISSP certification exam is fairly straightforward: each question is multiple-choice and includes four possible answers. Only one of them is the best answer.

This appendix contains 250 questions, the same number as the real CISSP exam, so you can treat it as a practice run. Time yourself and make sure you can finish in six hours.

Practice Test Questions

1 The number-one priority of disaster planning should always be:

A. Preservation of capital
B. Personnel evacuation and safety
C. Resumption of core business functions
D. Investor relations

2 An access control system that grants access to information based on that information’s classification and the clearance of the individual is known as:

A. Identity-based access control
B. Mandatory access control
C. Role-based access control
D. Clearance-based access control

3 A database that contains the data structures used by an application is known as:

A. A data encyclopedia
B. A data dictionary
C. Metadata
D. A schema

4 The process of breaking the key and/or plaintext from an enciphered message is known as:

A. Decryption
B. Steganography
C. Cryptanalysis
D. Extraction

5 The Internet Worm incident of 1988 was perpetrated by:

A. The 414 Gang
B. Robert Morris
C. Kevin Mitnick
D. Gene Spafford

6 Access controls and card key systems are examples of:

A. Detective controls
B. Preventive controls
C. Corrective controls
D. Trust controls

7 Why should a datacenter’s walls go all the way to the ceiling and not just stop as high as the suspended ceiling?

A. The walls will be stronger.
B. The HVAC will run more efficiently.
C. An intruder could enter the datacenter by climbing over the low wall.
D. The high wall will block more noise.

8 Memory that’s used to store computer instructions and data is known as:

A. UART
B. SIMM
C. Cache
D. ROM

9 Of what value is separation of authority in an organization?

A. It limits the capabilities of any single individual.
B. It provides multiple paths for fulfilling critical tasks.
C. It accommodates the requirement for parallel audit trails.
D. It ensures that only one person is authorized to perform each task.

10 UDP is sometimes called the “unreliable data protocol” because:

A. It works only on low-speed wireless LANs.
B. UDP packets rarely get through because they have a lower priority.
C. Few know how to program UDP.
D. UDP does not guarantee delivery.

11 Which of the following is NOT a goal of a Business Impact Assessment (BIA)?

A. To inventory mutual aid agreements
B. To identify and prioritize business critical functions
C. To determine how much downtime the business can tolerate
D. To identify resources required by critical processes

12 An access control system that grants access to information based on the identity of the user is known as:

A. Identity-based access control
B. Mandatory access control
C. Role-based access control
D. Clearance-based access control

13 The purpose of a Service-Level Agreement is:

A. To guarantee a minimum quality of service for an application or function
B. To guarantee the maximum quality of service for an application or function
C. To identify gaps in availability of an application
D. To correct issues identified in a security audit

14 The method of encryption in which both sender and recipient possess a common encryption key is known as:

A. Message digest
B. Hash function
C. Public key cryptography
D. Secret key cryptography

15 Forensics is the term that describes:

A. Due process
B. Tracking hackers who operate in other countries
C. Taking steps to preserve and record evidence
D. Scrubbing a system in order to return it to service

16 Audit trails and security cameras are examples of:

A. Detective controls
B. Preventive controls
C. Corrective controls
D. Trust controls

17 How does water aid in fire suppression?

A. It reduces the fire’s oxygen supply.
B. It isolates the fire’s fuel supply.
C. It lowers the temperature to a degree at which the fire can’t sustain itself.
D. It extinguishes the fire through a chemical reaction.

18 Firmware is generally stored on:

A. ROM or EPROM
B. Tape
C. RAM
D. Any removable media

19 The term open view refers to what activity?

A. Reclassifying a document so that anyone can view it
B. Viewing the contents of one’s private encryption key
C. Leaving classified information where unauthorized people can see it
D. Using a decryption key to view the contents of a message

20 TCP is a poor choice for streaming video because:

A. It is too bursty for large networks.
B. Acknowledgment and sequencing add significantly to its overhead.
C. Checksums in video packets are meaningless.
D. TCP address space is nearly exhausted.

21 The longest period of time that an organization can accept a critical outage is known as:

A. Maximum Acceptable Downtime
B. Greatest Tolerated Downtime
C. Maximum Tolerable Downtime
D. Recovery Time Objective

22 An access control system that gives the user some control over who has access to information is known as:

A. Identity-based access control
B. User-directed access control
C. Role-based access control
D. Clearance-based access control

23 CRCs, parity checks, and checksums are examples of:

A. Corrective application controls
B. Message digests
C. Preventive application controls
D. Detective application controls

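The distinction behind question 23 is worth seeing in code: parity, an Internet checksum and a CRC all detect accidental corruption after the fact, none of them prevents it, and none of them is a message digest or MAC, because anyone who can alter the data can recompute the check value. The following is an added example, not code from the original text. The sample records, the flipped bit positions and the HMAC key are constructed; the checksum follows RFC 1071 and the CRC is zlib's CRC-32.

```python
"""Parity, checksum and CRC as detective application controls.

Added example, not part of the original text. Each check catches accidental
corruption (detective), none of them stops it (not preventive), and none of
them resists a deliberate change by someone who can recompute the value,
which is why they are not message digests or MACs. Sample data is constructed.
"""
import hashlib
import hmac
import zlib
from typing import Callable

Check = Callable[[bytes], int]


def parity_bit(data: bytes) -> int:
    """Even parity over the whole buffer: 1 if the count of set bits is odd."""
    return sum(bin(b).count("1") for b in data) & 1


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit words (IP, ICMP, TCP, UDP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def crc32(data: bytes) -> int:
    """CRC-32 (IEEE 802.3 polynomial) via zlib."""
    return zlib.crc32(data) & 0xFFFFFFFF


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit transmission or storage error."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def detects(check: Check, original: bytes, received: bytes) -> bool:
    """True if the stored check value no longer matches the received data."""
    return check(original) != check(received)


def verify(payload: bytes, tag: int, check: Check) -> bool:
    """What a receiver does: recompute the check and compare with the stored tag."""
    return check(payload) == tag


def hmac_tag(key: bytes, data: bytes) -> bytes:
    """Keyed integrity check: only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def demo() -> dict:
    original = b"PAY 100.00 TO ACCT 4411"      # constructed sample record
    corrupted = flip_bit(original, 13)         # accidental single-bit error
    double = flip_bit(corrupted, 14)           # two bit errors in one byte
    tampered = b"PAY 999.00 TO ACCT 4411"      # deliberate modification
    key = b"shared-secret"                     # assumed key the attacker lacks
    return {
        # detective: one corrupted bit changes every check value
        "parity_detects_flip": detects(parity_bit, original, corrupted),
        "checksum_detects_flip": detects(internet_checksum, original, corrupted),
        "crc_detects_flip": detects(crc32, original, corrupted),
        # limitation: an even number of flipped bits leaves parity unchanged
        "parity_misses_double_flip": not detects(parity_bit, original, double),
        # not a security control: the attacker ships a fresh CRC with the
        # altered record and the receiver accepts it
        "crc_accepts_forgery": verify(tampered, crc32(tampered), crc32),
        # keyed MAC: the tag over the original does not verify the altered
        # record, and the attacker cannot recompute it without the key
        "hmac_rejects_forgery": not hmac.compare_digest(
            hmac_tag(key, original), hmac_tag(key, tampered)),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The single-bit case is the one these controls were built for; the double-flip case shows where parity alone stops being useful, and the forgery case is the reason an integrity check that protects against an adversary needs a key (HMAC) or a signature rather than a CRC.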
24 Why would a user’s public encryption key be widely distributed?

A. So that cryptographers can attempt to break it
B. Because it’s encrypted
C. Because the user’s private key can’t be derived from his or her public key
D. So that the user can decrypt messages from any location

25 An expert witness:

A. Offers an opinion based on the facts of a case and on personal expertise
B. Is someone who was present at the scene of the crime
C. Has direct personal knowledge about the event in question
D. Can testify in criminal proceedings only

26 Reboot instructions and file restore procedures are examples of:

A. Detective controls
B. Preventive controls
C. Corrective controls
D. Trust controls

27 Drain pipes that channel liquids away from a building are called:

A. Positive drains
B. Tight lines
C. Storm drains
D. Negative drains

28 What’s the purpose of memory protection?

A. It protects memory from malicious code.
B. It prevents a program from being able to access memory used by another program.
C. Memory protection is another term used to describe virtual memory backing store.
D. It assures that hardware refresh happens frequently enough to maintain memory integrity.

29 Which individual is responsible for classifying information?

A. Owner
B. Custodian
C. Creator
D. User

30 How many layers does the TCP/IP protocol model have?

A. 4
B. 5
C. 6
D. 7

31 The primary difference between a hot site and a warm site is:

A. The hot site is closer to the organization’s datacenters than the warm site.
B. The warm site’s systems don’t have the organization’s software or data installed.
C. The warm site doesn’t have computer systems in it.
D. The warm site is powered down, but the hot site is powered up and ready to go.

32 Encryption, tokens, access control lists, and smart cards are known as:

A. Discretionary access controls
B. Physical controls
C. Technical controls
D. Administrative controls

33 Data mining:

A. Can be performed by privileged users only
B. Is generally performed after hours because it’s resource-intensive
C. Refers to searches for correlations in a data warehouse
D. Is the term used to describe the activities of a hacker who has broken into a database

34 Reading down the columns of a message that has been written across is known as:

A. A columnar transposition cipher
B. Calculating the hash
C. Calculating the checksum
D. Calculating the modulo

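Question 34 describes the columnar transposition cipher in one sentence; the following is an added example, not code from the original text, that implements it with a keyword deciding the column read-out order and shows the tell a cryptanalyst uses against it. The keyword, message and padding letter are constructed.

```python
"""Columnar transposition cipher: write the message across in rows under a
keyword, then read it out down the columns in the keyword's alphabetical order.

Added example, not part of the original text. Keyword and message are
constructed. The last function shows the cryptanalytic tell: transposition
only rearranges letters, so ciphertext and plaintext share letter counts.
"""
from collections import Counter
from typing import List


def column_order(key: str) -> List[int]:
    """Column indexes in read-out order: sorted by key letter, ties by position."""
    return [i for i, _ in sorted(enumerate(key.upper()), key=lambda p: (p[1], p[0]))]


def encrypt(plaintext: str, key: str, pad: str = "X") -> str:
    """Write across, pad the last row, read down the columns in key order."""
    text = "".join(c for c in plaintext.upper() if c.isalpha())
    width = len(key)
    if len(text) % width:
        text += pad * (width - len(text) % width)
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[col] for col in column_order(key) for row in rows)


def decrypt(ciphertext: str, key: str) -> str:
    """Cut the ciphertext into columns, place them back in key order, read across."""
    width = len(key)
    height = len(ciphertext) // width
    if height * width != len(ciphertext):
        raise ValueError("ciphertext length is not a multiple of the key length")
    columns = {}
    for n, col in enumerate(column_order(key)):
        columns[col] = ciphertext[n * height:(n + 1) * height]
    return "".join(columns[col][row] for row in range(height) for col in range(width))


def same_letter_counts(plaintext: str, ciphertext: str, pad: str = "X") -> bool:
    """Transposition preserves letter frequencies (up to padding). An analyst
    uses this to tell transposition from substitution before attacking the
    column order."""
    letters = Counter(c for c in plaintext.upper() if c.isalpha())
    cipher = Counter(ciphertext)
    missing = letters - cipher   # plaintext letters absent from the ciphertext
    extra = cipher - letters     # should be nothing but padding
    return not missing and set(extra) <= {pad}


if __name__ == "__main__":
    ct = encrypt("WE ARE DISCOVERED FLEE AT ONCE", "ZEBRAS")
    print(ct, decrypt(ct, "ZEBRAS"))
```

The key's length fixes the column count and its letter order fixes the permutation, so the key space is only the permutations of the column count; that, plus the preserved letter frequencies, is why a transposition on its own falls quickly to anagramming and why historical systems combined it with substitution.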
35 A witness:

A. Offers an opinion based on the facts of a case and on personal expertise
B. Is someone who was present at the scene of the crime
C. Has direct personal knowledge about the event in question
D. Can testify in criminal proceedings only

36 Covert channel analysis is used to:

A. Detect and understand unauthorized communication
B. Encipher unauthorized communications
C. Decipher unauthorized communications
D. Recover unauthorized communications

37 Of what value is pre-employment screening?

A. Undesirable medical or genetic conditions could diminish productivity.
B. Only certain personality types can work effectively in some organizations.
C. Employees need to have knowledge of security.
D. Background checks could uncover undesirable qualities.

38 The mapping of existing physical memory into a larger, imaginary memory space is known as:

A. Virtual memory
B. Swapping
C. Thrashing
D. Spooling

39 Which individual is responsible for protecting information?

A. Owner
B. Custodian
C. Creator
D. User

40 ARP is:

A. Access Routing Protocol
B. Address Resolution Protocol
C. Access Resolution Protocol
D. Address Recovery Protocol

41 Which of the following is NOT a concern for a hot site?

A. Programs and data at the hot site must be protected.
B. A widespread disaster will strain the hot site’s resources.
C. A hot site is expensive because of the controls and patches required.
D. Computer equipment must be shipped quickly to the hot site for it to be effective.

42 Supervision, audits, procedures, and assessments are known as:

A. Discretionary access controls
B. Safeguards
C. Physical controls
D. Administrative controls

43 Object-oriented, relational, and network are examples of:

A. Types of database tables
B. Types of database records
C. Types of database queries
D. Types of databases

44 An asymmetric cryptosystem is also known as a:

A. Message digest
B. Hash function
C. Public key cryptosystem
D. Secret key cryptosystem

45 Entrapment is defined as:

A. Leading someone to commit a crime that they wouldn’t otherwise have committed
B. Monitoring with the intent of recording a crime
C. Paying someone to commit a crime
D. Being caught with criminal evidence in one’s possession

46 Least privilege means:

A. Analysis that determines which privileges are required to complete a task.
B. People who have high privileges delegate some of those privileges to others.
C. The people who have the fewest access rights do all the work.
D. Users should have the minimum privileges required to perform required tasks.

47 Which of the following is NOT a part of a building’s automated access audit log?

A. Time of the attempted entry
B. The reason for the attempted entry
C. Location of attempted entry
D. Entry success or failure

48 Systems that have published specifications and standards are known as:

A. Open source
B. Copyleft
C. Freeware
D. Open systems

49 Which of the following is NOT a criterion for classifying information?

A. Marking
B. Useful life
C. Value
D. Age

50 What is the purpose of ARP?

A. When given an IP address, ARP returns a MAC address.
B. When given a MAC address, ARP returns an IP address.
C. It calculates the shortest path between two nodes on a network.
D. It acquires the next IP address on a circular route.

51 The Disaster Recovery Plan (DRP) needs to be continuously maintained because:

A. The organization’s software versions are constantly changing.
B. The organization’s business processes are constantly changing.
C. The available software patches are constantly changing.
D. The organization’s data is constantly changing.

52 Security guards, locked doors, and surveillance cameras are known as:

A. Site-access controls
B. Safeguards
C. Physical access controls
D. Administrative controls

53 Neural networking gets its name from:

A. The make and model of equipment in a network
B. Patterns thought to exist in the brain
C. Its inventor, Sigor Neura
D. Observed patterns in neural telepathy

54 The process of hiding a message inside a larger dataset is known as:

A. Decryption
B. Steganography
C. Cryptanalysis
D. Extraction

55 Enticement is defined as:

A. Being caught with criminal evidence in one’s possession
B. Leading someone to commit a crime that they wouldn’t otherwise have committed
C. Monitoring with the intent of recording a crime
D. Keeping the criminal at the scene of the crime long enough to gather evidence

56 The practice of separation of duties:

A. Is used to provide variety by rotating personnel among various tasks
B. Helps to prevent any single individual from compromising an information system
C. Is used to ensure that the most experienced persons get the best tasks
D. Is used in large 24x7 operations shops

57 Tailgating is a term describing what activity?

A. Logging in to a server from two or more locations
B. Causing a PBX to permit unauthorized long distance calls
C. Following an employee through an uncontrolled access
D. Following an employee through a controlled access

58 Which of the following is NOT a security issue with distributed architectures?

A. Lack of security awareness by some personnel.
B. Difficulty in controlling the distribution and use of software.
C. Protection of centrally stored information.
D. Backups might not be performed on some systems, risking loss of data.

59 What’s the purpose of a senior management statement of security policy?

A. It defines who’s responsible for carrying out a security policy.
B. It states that senior management need not follow a security policy.
C. It emphasizes the importance of security throughout an organization.
D. It states that senior management must also follow a security policy.

60 What is the purpose of RARP?

A. When given an IP address, RARP returns a MAC address.
B. When given a MAC address, RARP returns an IP address.
C. It traces the source address of a spoofed packet.
D. It determines the least cost route through a multipath network.

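Questions 50 and 60 are easier to keep straight once you have seen what both lookups look like on the wire: ARP and RARP share one 28-byte packet layout and differ only in the operation code and in which address is being asked for. The following is an added example, not code from the original text; the MAC addresses, IPs (RFC 5737 documentation range) and the RARP table are constructed. The last function also shows the security point the quiz leaves implicit: ARP has no authentication, so a cache that believes any reply it hears is open to poisoning.

```python
"""ARP and RARP on the wire: the 28-byte Ethernet/IPv4 packet (RFC 826 layout,
reused by RFC 903 for RARP), a responder for both, and an ARP-cache update
that shows why unsolicited replies are dangerous.

Added example, not part of the original text. Addresses and the RARP table
are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Set

ARP_REQUEST, ARP_REPLY, RARP_REQUEST, RARP_REPLY = 1, 2, 3, 4
_LAYOUT = "!HHBBH6s4s6s4s"   # htype ptype hlen plen oper sha spa tha tpa
ETH_HTYPE, IPV4_PTYPE = 1, 0x0800


@dataclass(frozen=True)
class Packet:
    oper: int
    sha: str   # sender hardware (MAC) address
    spa: str   # sender protocol (IPv4) address
    tha: str   # target hardware address
    tpa: str   # target protocol address


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", "").replace("-", ""))


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def encode(p: Packet) -> bytes:
    return struct.pack(_LAYOUT, ETH_HTYPE, IPV4_PTYPE, 6, 4, p.oper,
                       _mac(p.sha), _ip(p.spa), _mac(p.tha), _ip(p.tpa))


def decode(raw: bytes) -> Packet:
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(_LAYOUT, raw[:28])
    if (htype, ptype, hlen, plen) != (ETH_HTYPE, IPV4_PTYPE, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return Packet(oper, _mac_str(sha), _ip_str(spa), _mac_str(tha), _ip_str(tpa))


# Constructed table of hosts a RARP server knows about (MAC -> IP).
RARP_TABLE: Dict[str, str] = {
    "02:00:5e:00:53:0a": "192.0.2.10",
    "02:00:5e:00:53:14": "192.0.2.20",
}


def respond(raw: bytes, my_ip: str, my_mac: str) -> Optional[bytes]:
    """ARP: asked 'who has my_ip?', answer with my MAC (IP -> MAC).
    RARP: asked 'what is the IP for this MAC?', answer from the table (MAC -> IP)."""
    req = decode(raw)
    if req.oper == ARP_REQUEST and req.tpa == my_ip:
        return encode(Packet(ARP_REPLY, my_mac, my_ip, req.sha, req.spa))
    if req.oper == RARP_REQUEST and req.tha in RARP_TABLE:
        return encode(Packet(RARP_REPLY, my_mac, my_ip, req.tha, RARP_TABLE[req.tha]))
    return None


def update_cache(cache: Dict[str, str], raw: bytes, pending: Set[str], strict: bool) -> bool:
    """Learn an IP -> MAC binding from a reply. ARP carries no authentication,
    so a cache that accepts any reply (strict=False) is what ARP spoofing
    exploits; a strict cache only learns from replies to IPs it asked about."""
    rep = decode(raw)
    if rep.oper != ARP_REPLY:
        return False
    if strict and rep.spa not in pending:
        return False
    cache[rep.spa] = rep.sha
    return True
```

The strict cache closes the "unsolicited reply" hole but not the race in which an attacker answers a real request faster than the true owner; production defences for that are switch-side (dynamic ARP inspection tied to DHCP snooping) or static entries for the gateway, not anything the end host can do alone.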
61 How is the organization’s DRP best kept up-to-date?

A. With regular audits to ensure that changes in business processes are known
B. By maintaining lists of current software versions, patches, and configurations
C. By maintaining personnel contact lists
D. By regularly testing the DRP

62 Role-based access control and task-based access control are examples of:

A. Mandatory access controls
B. Administrative controls
C. Discretionary access controls
D. Non-discretionary access controls

63 The verification activity associated with coding is called:

A. Unit testing
B. Design review
C. System testing
D. Architecture review

64 Steganography isn’t easily noticed because:

A. Monitor and picture quality are so good these days.
B. Most PCs’ speakers are turned off or disabled.
C. The human eye often can’t sense the noise that steganography introduces.
D. Checksums can’t detect most steganographed images.

65 The purpose of a honeypot is to:

A. Log an intruder’s actions.
B. Act as a decoy to keep the intruder interested while his or her origin and identity are traced.
C. Deflect Denial of Service attacks away from production servers.
D. Provide direct evidence of a break-in.

66 Which of the following tasks would NOT be performed by a security administrator?

A. Changing file permissions
B. Configuring user privileges
C. Installing system software
D. Reviewing audit data

67 What does fail open mean in the context of controlled building entrances?

A. Controlled entrances permit no one to pass.
B. Controlled entrances permit people to pass without identification.
C. A power outage won’t affect control of the entrance.
D. A pass key is required to enter the building.

68 TCB is an acronym for:

A. Trusted Computing Baseline
B. Trusted Computing Base
C. Tertiary Computing Base
D. Trusted Cache Base

69 What is the purpose of an “advisory policy”?

A. This is an optional policy that can be followed.
B. This is an informal offering of advice regarding security practices.
C. This is a temporary policy good only for a certain period of time.
D. This is a policy that must be followed but is not mandated by regulation.

70 132.116.72.5 is a:

A. MAC address
B. IPv4 address
C. Subnet mask
D. IPv6 address

71 An organization that’s developing its DRP has established a 20-minute Recovery Time Objective (RTO). Which solution will best support this objective?

A. Cluster
B. Cold site
C. Hot site
D. Virtualization

72 Audits, background checks, video cameras, and listening devices are known as:

A. Discretionary controls
B. Physical controls
C. Preventive controls
D. Detective controls

73 What’s the primary input of a high-level product design?

A. Feasibility study
B. Integration rules
C. Unit testing
D. Requirements

74 What historic event was the backdrop for breakthroughs in strategic cryptography?

A. The Gulf War
B. World War I
C. World War II
D. The Six-Day War

75 Which of the following is NOT a precaution that needs to be taken before monitoring e-mail?

A. Establishing strict procedures that define under what circumstances e-mail may be searched
B. Posting a visible notice that states e-mail is company information subject to search
C. Issuing monitoring tools to all e-mail administrators
D. Making sure that all employees know that e-mail is being monitored

76 What’s the potential security benefit of rotation of duties?

A. It reduces the risk that personnel will perform unauthorized activities.
B. It ensures that all personnel are familiar with all security tasks.
C. It’s used to detect covert activities.
D. It ensures security because personnel aren’t very familiar with their duties.

77 What does fail closed mean in the context of controlled building entrances?

A. Controlled entrances permit no one to pass.
B. Controlled entrances permit people to pass without identification.
C. The access control computer is down.
D. Everyone is permitted to enter the building.

78 The sum total of all protection mechanisms in a system is known as a:

A. Trusted Computing Base
B. Protection domain
C. Trusted path
D. SPM (Summation Protection Mechanism)

79 What is the definition of a “threat”?

A. Any event that produces an undesirable outcome.
B. A weakness present in a control or countermeasure.
C. An act of aggression that causes harm.
D. An individual likely to violate security policy.

80 04:c6:d1:45:87:E8 is a:

A. MAC address
B. IPv4 address
C. Subnet mask
D. IPv6 address

81 Which of the following is NOT a natural disaster?

A. Tsunami
B. Pandemic
C. Flood
D. Communications outage

82 Smart cards, fences, guard dogs, and card key access are known as:

A. Mandatory controls
B. Physical controls
C. Preventive controls
D. Detective controls

83 The main improvement of the Waterfall software life cycle model over earlier process models is:

A. System and software requirements are combined into one step.
B. Developers can back up one step in the process for rework.
C. Coding and testing are combined into one step.
D. The need for rework was eliminated.

84 Non-repudiation refers to:

A. The technology that shoots down the “I didn’t send that message” excuse
B. Re-verification of all Certificate Authority (CA) certificate servers
C. The annual competency review of system authentication mechanisms
D. The annual competency review of network authentication mechanisms

85 Intellectual property laws apply to:

A. Trade secrets, trademarks, copyrights, and patents
B. Trademarks, copyrights, and patents
C. Trademarks only
D. Patents only

86 The process of reviewing and approving changes in production systems is known as:

A. Availability management
B. Configuration management
C. Change management
D. Resource control

87 A water sprinkler system that’s characterized as always having water in the pipes is known as:

A. Dry-pipe
B. Wet-pipe
C. Preaction
D. Discharge

88 The mechanism that overlaps hardware instructions to increase performance is known as:

A. RISC
B. Pipeline
C. Pipe dream
D. Multitasking

89 A weakness in a security control is called a:

A. Risk
B. Vulnerability
C. Threat
D. Hole

90 The “ping” command sends:

A. IGRP Echo Reply packets
B. IGRP Echo Request packets
C. ICMP Echo Request packets
D. UDP Echo Request packets

91 The term remote journaling refers to:

A. A mechanism that transmits transactions to an alternative processing site
B. A procedure for maintaining multiple copies of change control records
C. A procedure for maintaining multiple copies of configuration management records
D. A mechanism that ensures the survivability of written records

92 Is identification weaker than authentication?

A. Yes: Identity is based only on the assertion of identity without providing proof.
B. Yes: Identification uses ASCII data, whereas authentication uses binary data.
C. No: Identification and authentication provide the same level of identity.
D. No: They are used in different contexts and have nothing to do with each other.

93 A project team is at the beginning stages of a new software development project. The team wants to ensure that security features are present in the completed software application. In what stage should security be introduced?

A. Requirements development
B. Test plan development
C. Application coding
D. Implementation plan development

94 The amount of effort required to break a given ciphertext is known as:

A. The Work function
B. The Effort function
C. Cryptanalysis
D. Extraction

95 In order to be admissible, electronic evidence must:

A. Be legally permissible
B. Not be copied
C. Have been in the custody of the investigator at all times
D. Not contain viruses

96 The process of maintaining and documenting software versions and settings is known as:

A. Availability management
B. Configuration management
C. Change management
D. Resource control

97 A water sprinkler system that charges the pipes when it receives a heat or smoke alarm, and then discharges the water when a higher ambient temperature is reached, is known as:

A. Dry-pipe
B. Wet-pipe
C. Preaction
D. Discharge

98 FORTRAN, BASIC, and C are known as:

A. Structured languages
B. Nested languages
C. Second-generation languages
D. Third-generation languages

99 A security control intended to reduce risk is called a:

A. Safeguard
B. Threat
C. Countermeasure
D. Partition

100 SMTP is used to:

A. Manage multiple telnet sessions.
B. Tunnel private sessions through the Internet.
C. Simulate modems.
D. Transport e-mail.

101 Backing up data by sending it through a communications line to a remote location is known as:

A. Transaction journaling
B. Off-site storage
C. Electronic vaulting
D. Electronic journaling

102 Two-factor authentication is so called because:

A. It requires two of the three authentication types.
B. Tokens use two-factor encryption to hide their secret algorithms.
C. Authentication difficulty is increased by a factor of two.
D. It uses a factor of two prime numbers algorithm for added strength.

103 Which of the following is NOT a value of change control in the software development life cycle?

A. Changes are documented and subject to approval.
B. Scope creep is controlled.
C. It gives the customer veto power over proposed changes.
D. The cost of changes is considered.

104 What’s one disadvantage of an organization signing its own certificates?

A. The certificate-signing function is labor intensive.
B. Anyone outside the organization will receive warning messages.
C. The user-identification process is labor intensive.
D. It’s much more expensive than having certificates signed by a Certification Authority (CA).

105 Which agency has jurisdiction over computer crimes in the United States?

A. The Department of Justice
B. The Electronic Crimes Task Force
C. Federal, state, or local jurisdiction
D. The FBI and the Secret Service

106 Configuration Management is used to:

A. Document the approval process for configuration changes.
B. Control the approval process for configuration changes.
C. Ensure that changes made to an information system don’t compromise its security.
D. Preserve a complete history of the changes to software or data in a system.

107 Why would a dry-pipe sprinkler be preferred over a wet-pipe sprinkler?

A. Dry-pipe systems put out a fire more quickly.
B. Dry-pipe systems consume less water.
C. Dry-pipe systems have a smaller likelihood of rust damage.
D. Dry-pipe systems have a potentially useful time delay before water is discharged.

108 The purpose of an operating system is to:

A. Manage hardware resources.
B. Compile program code.
C. Decompile program code.
D. Present graphic display to users.

109 The purpose of risk analysis is:

A. To qualify the classification of a potential threat.
B. To quantify the likelihood of a potential threat.
C. To quantify the net present value of an asset.
D. To quantify the impact of a potential threat.

110 Which of the following is a disadvantage of SSL?

A. It requires a certificate on every client system.
B. It is CPU intensive.
C. All clients must be retrofitted with HTTP v3 browsers.
D. An eavesdropper can record and later play back an SSL session.

111 Which of the following is NOT a method used to create an online redundant data set?

A. Remote journaling
B. Off-site storage
C. Electronic vaulting
D. Database mirroring

112 The phrase something you are refers to:

A. A user’s security clearance
B. A user’s role
C. Type 2 authentication
D. Type 3 authentication

113 How does the Waterfall software development life cycle help to assure that applications will be secure?

A. Security requirements can be included early on and verified later in testing.
B. The testing phase includes penetration testing.
C. The Risk Analysis phase will uncover flaws in the feasibility model.
D. A list of valid users must be approved prior to production.

114 The ability for a government agency to wiretap a data connection was implemented in the:

A. Skipjack chip
B. Magic lantern
C. Cutty chip
D. Clipper chip

115 Under what circumstance may evidence be seized without a warrant?

A choice_circle If it’s in the public domain

B choice_circle If it’s believed that its destruction is imminent

C choice_circle In international incidents

D choice_circle If it’s on a computer

116 The traces of original data remaining after media erasure are known as:

A choice_circle Data remanence

B choice_circle Data traces

C choice_circle Leakage

D choice_circle Data particles

117 Why should a datacenter’s walls go all the way to the ceiling and not just stop as high as the suspended ceiling?

A. The walls will serve as an effective fire break.

B. The HVAC will run more efficiently.

C. The walls will be stronger.

D. The high wall will block more noise.

118 Protection rings are used for:

A. Implementing memory protection

B. Creating nested protection domains

C. Modeling layers of protection around an information object

D. Shielding systems from EMF

119 Annualized Rate of Occurrence refers to:

A. The exact frequency of a threat.

B. The estimated frequency of a threat.

C. The estimated monetary value of a threat.

D. The exact monetary value of a threat.

120 An access control list is NOT used by:

A. A firewall or screening router to determine which packets should pass through.

B. A router to determine which administrative nodes may access it.

C. A bastion host to determine which network services should be permitted.

D. A client system to record and save passwords.

121 A DRP that has a high RPO and a low RTO will result in:

A. A system that takes more time to recover but has recent data

B. A system that recovers quickly but has old data

C. A system that recovers quickly and has recent data

D. A system that has never been tested

122 Two-factor authentication is stronger than single-factor authentication because:

A. It uses a factor of two prime numbers algorithm for added strength.

B. It relies on two factors, such as a password and a smart card.

C. Authentication difficulty is increased by a factor of two.

D. The user must be physically present to authenticate.

123 The main purpose of configuration management is to:

A. Require cost justification for any change in a software product.

B. Require approval for any desired change in a software product.

C. Maintain a detailed record of changes for the lifetime of a software product.

D. Provide the customer with a process for requesting configuration changes.

124 The cipher device used by Germany in World War II is known as:

A. M-922

B. M-902

C. Enigma

D. Turing

125 Motive, means, and opportunity:

A. Are required prior to the commission of a crime

B. Are the required three pieces of evidence in any criminal trial

C. Are the three factors that help determine whether someone may have committed a crime

D. Are the usual ingredients in a sting operation

126 Software controls are used to:

A. Perform input checking to ensure that no buffer overflows occur.

B. Keep running programs from viewing or changing other programs’ memory.

C. Perform configuration management-like functions on software.

D. Ensure the confidentiality and integrity of software.

127 Which of the following are NOT fire detectors?

A. Dial-up alarms

B. Heat-sensing alarms

C. Flame-sensing alarms

D. Smoke-sensing alarms

128 The TCSEC document is known as the Orange Book because:

A. It’s orange in color.

B. It covers the major classes of computing system security, D through A.

C. Its coverage of security was likened to the defoliant Agent Orange.

D. No adequate model of computing system security was available at the time.

129 Single Loss Expectancy refers to:

A. The expectation of the occurrence of a single loss.

B. The monetary loss realized from an individual threat.

C. The likelihood that a single loss will occur.

D. The annualized monetary loss from a single threat.

130 What is the purpose of the DHCP protocol?

A. It’s used to diagnose network problems.

B. It assigns IP addresses to servers.

C. It assigns IP addresses to stations that join the network.

D. It’s used to dynamically build network routes.

131 The purpose of a BIA is:

A. To determine the criticality of business processes

B. To determine the impact of disasters on critical processes

C. To determine the impact of software defects on critical business processes

D. To determine which software defects should be fixed first

132 An organization has recently implemented a palm-scan biometric system to control access to sensitive zones in a building. Some employees have objected to the biometric system for sanitary reasons. The organization should:

A. Switch to a fingerprint-scanning biometric system.

B. Educate users about the inherent cleanliness of the system.

C. Allow users who object to the system to be able to bypass it.

D. Require employees to use a hand sanitizer prior to using the biometric system.

133 A security specialist has discovered that an application her company produces has a JavaScript injection vulnerability. What advice should the security specialist give to the application’s developers?

A. Implement input filtering to block JavaScript and other script languages.

B. Upgrade to the latest release of Java.

C. Re-compile the application with safe input filtering turned on.

D. Re-compile the application by using UTF-8 character set support.

134 Cryptography can be used for all the following situations EXCEPT:

A. Performance

B. Confidentiality

C. Integrity

D. Authentication

135 The burden of proof in U.S. civil law is:

A. The preponderance of the evidence

B. Beyond a reasonable doubt

C. Beyond all doubt

D. Based on the opinion of the presiding judge

136 An organization may choose to perform periodic background checks on its employees for all the following reasons EXCEPT:

A. To determine whether the employee has earned any additional educational degrees

B. To determine whether a detrimental change in an employee’s financial situation might entice him or her to steal from the employer

C. To determine whether a criminal offense has occurred since the person was hired that would impact the risk of continued employment

D. To uncover any criminal offenses that weren’t discovered in the initial background check

137 Which class of hand-held fire extinguisher should be used in a datacenter?

A. Class B

B. Class C

C. Class A

D. Class D

138 All the following CPUs are of CISC design EXCEPT:

A. PDP-11

B. Intel x86

C. SPARC

D. Motorola 68000

139 A system architect has designed a system that is protected with redundant parallel firewalls. This follows which security design principle?

A. Avoidance of a single point of failure

B. Defense in depth

C. Fail open

D. Fail closed

140 The type of cable that is best suited for high RF and EMF environments is:

A. Fiber-optic

B. Shielded twisted-pair

C. Coaxial

D. Thinnet

141 A Disaster Recovery Planning team has been told by management that the equipment required to meet RTO and RPO targets is too costly. What’s the best course of action to take?

A. Classify the system as being out of scope.

B. Reduce the RTO and RPO targets.

C. Look for less expensive methods for achieving targets and report to management if no alternatives can be found.

D. Ask for more budget for recovery systems.

142 A security manager is planning a new video surveillance system. The manager wants the video surveillance system to be both a detective control and a deterrent control. What aspect of the system’s design will achieve this objective?

A. Include a video-recording capability in the system.

B. Make video cameras conspicuously visible and post warning notices.

C. Hide video cameras and don’t post warning notices.

D. Make video monitors conspicuously visible.

143 Privacy advocacy organizations are concerned about the practice of aggregation, which involves:

A. Selling highly sensitive data to the highest bidder

B. Distributing highly sensitive data to third parties

C. Combining low-sensitivity data elements in a way that results in highly sensitive data

D. Disclosing highly sensitive data to government agencies

144 A cipher uses a table to replace plaintext characters with ciphertext characters. This type of cipher is known as:

A. Stream

B. Block

C. Substitution

D. Transposition

145 Under U.S. law, the amount of a fine and the length of imprisonment are based on:

A. The opinion of the judge

B. The opinion of the jury

C. The evidence introduced in a trial

D. Federal sentencing guidelines

146 An organization has identified a high-risk activity that’s performed by a single individual. The organization will change the activity so that two or more individuals are required to perform the task. This new setup is known as:

A. Single point of failure

B. Shared custody

C. Split custody

D. Separation of duties

147 An organization wants to erect fencing around its property to keep out determined intruders. What are the minimum specifications that the organization should consider?

A. Eight feet in height and three strands of barbed wire at the top

B. Twelve feet in height and three strands of barbed wire at the top

C. Eight feet in height

D. Twelve feet in height

148 Which type of technology is a computer designer most likely to use for main memory?

A. EAROM

B. Dynamic RAM

C. Flash

D. Hard drive

149 A document that lists the equipment brands, programming languages, and communications protocols to be used in an organization is a:

A. Policy

B. Guideline

C. Requirement

D. Standard

150 Which of the following is true about Digital Subscriber Line?

A. Digital Subscriber Line is synonymous with DOCSIS (Digital Over Cable Services Interface Specification).

B. Digital Subscriber Line is a simplex protocol.

C. Digital Subscriber Line has been superseded by ISDN.

D. Digital Subscriber Line has superseded ISDN.

151 A DRP has an RTO of 24 hours and an RPO of 56 hours. This indicates that:

A. The system will be operational within 24 hours and the maximum data loss is 56 hours.

B. The system will be operational within at least 24 hours and the maximum data loss is 56 hours.

C. The system will be operational within 56 hours and the maximum data loss is 24 hours.

D. The system will be operational within 24 hours and the maximum data loss will be 32 hours.

152 The ability to associate users with their actions is known as:

A. Non-repudiation

B. Accountability

C. Audit trails

D. Responsibility

153 A database administrator has tuned a transaction processing database for optimum performance. Business users now want to use the same database for business intelligence and decision support. What action should the database administrator take?

A. Implement a separate data warehouse that’s tuned for decision support.

B. Tune the transaction processing database to optimize performance of decision support queries.

C. Implement a database server cluster and tune the passive server for decision support.

D. Establish separate user IDs for transaction use and decision-support use, and tune each for their respective purposes.

154 The Advanced Encryption Standard algorithm is based on:

A. The Rijndael block cipher

B. The Rijndael stream cipher

C. The Skipjack cipher

D. The triple-DES cipher

155 An organization has developed a new technique for compiling computer code and wants to protect that technique by using applicable intellectual property law. Which type of protection should the organization use?

A. Patent

B. Trademark

C. Service mark

D. Copyright

156 An organization is reducing the size of its workforce and has targeted the lead database administrator for termination of employment. How should the organization handle this termination?

A. Terminate the employee’s user accounts within 24 hours of notification.

B. Terminate the employee’s user accounts immediately after notification.

C. Terminate the employee’s user accounts within 48 hours of notification.

D. Retain the employee’s user accounts until a replacement can be trained.

157 What’s one disadvantage of the use of key cards as a building access control?

A. Key card readers are expensive.

B. The False Accept Rate (FAR) may exceed the False Reject Rate (FRR).

C. Any party who finds a lost key card can use it to enter a building.

D. A key card’s PIN code is easily decrypted.

158 All the following are components of an operating system EXCEPT:

A. Compiler

B. Kernel

C. Device driver

D. Tools

159 A document that describes the steps to be followed to complete a task is known as a:

A. Process

B. Procedure

C. Guideline

D. Standard

160 Which routing protocol transmits its passwords in plaintext?

A. RIPv2

B. RIPv1

C. BGP

D. EIGRP

161 Damage assessment of a datacenter after an earthquake should be performed by:

A. The chief security officer

B. The datacenter manager

C. An unlicensed structural engineer

D. A licensed structural engineer

162 The primary reason users are encouraged to use passphrases, rather than passwords, is:

A. They’ll choose longer passwords that are inherently stronger than shorter ones.

B. Their passwords will include spaces, which make passwords more complex.

C. Newer systems don’t support passwords.

D. Passphrases can be coupled with biometric systems.

163 An application that was previously written to support a single user has been changed to support multiple concurrent users. The application encounters errors when two users attempt to access the same record. What feature should be added to the application to prevent these errors?

A. Load balancing

B. Replication

C. Record locking

D. Clustering

164 Two users, A and B, have exchanged public keys. How can user A send a secret message to user B?

A. User A encrypts a message with user B’s public key; user B decrypts the message with user B’s private key

B. User A encrypts the message with user A’s private key; user B decrypts the message with user B’s private key

C. User A encrypts the message with user A’s private key; user B decrypts the message with user A’s public key

D. User A encrypts the message with user B’s public key; user B decrypts the message with user A’s public key

165 An intruder has been apprehended for breaking into an organization’s computer systems to steal national security secrets. Under what U.S. law will the intruder likely be charged?

A. Cybercrime Act of 2001

B. Federal Information Security Management Act of 2002

C. U.S. Computer Fraud and Abuse Act of 1986

D. U.S. Computer Security Act of 1987

166 The process of including text such as “Company Confidential: For Internal Use Only” on a document is known as:

A. Branding

B. Classification

C. Watermarking

D. Marking

167 An organization wants to install a motion detector in a portion of a building that has variable ambient noise. Which type of motion detector should be considered?

A. Wave pattern or capacitance

B. Wave pattern

C. Capacitance

D. Photo-electronic

168 An organization uses a Windows-based server to act as a file server. The owners of individual files and directories are able to grant read and write permissions to other users in the organization. This capability most closely resembles which security model?

A. Discretionary access control (DAC)

B. Mandatory access control (MAC)

C. Access matrix

D. Take-Grant

169 The relationship between threat, vulnerability, and risk is defined as:

A. Risk = vulnerability × threat

B. Threat = vulnerability × risk

C. Vulnerability = threat × risk

D. Risk = vulnerability + threat

170 Which of the following WiFi protocols has not been compromised?

A. WEP

B. WPA

C. WPA2

D. TKIP

171 The purpose of software escrow is:

A. Secure storage of software source code in the event of a disaster or the failure of the company that produced it

B. Third-party confirmation of the integrity of a software application

C. Secure storage of software object code in the event of a disaster or the failure of the company that produced it

D. Third-party delivery of a software application

172 A system has been designed to include strong authentication and transaction logging so that subjects can’t deny having performed actions. This inability for a subject to deny having performed an action is known as:

A. Irresponsibility

B. Culpable deniability

C. Non-repudiation

D. Dissociation

173 An organization is considering the purchase of a business application. What should the organization develop before making a product decision?

A. Application code

B. Specifications

C. Design

D. Requirements

174 Two users want to establish a private communications link. The two users have never communicated before. How should a symmetric encryption key be communicated to both parties?

A. The encryption key should be kept by one party only.

B. The encryption key should be transmitted as part of initial communications.

C. The encryption key should be transmitted by using an in-band communications channel.

D. The encryption key should be transmitted by using an out-of-band communications channel.

175 An organization has developed a new method for building a mechanical device. The organization doesn’t want to reveal the method to any third party. Which type of protection should be used?

A. Copyright

B. Patent

C. Trade secret

D. Trademark

176 An intruder has broken into an organization’s computer systems to steal industrial designs. This action is known as:

A. Robbery

B. Cracking

C. Hacking

D. Espionage

177 For fire suppression in a commercial datacenter, all the following types of fire-suppression systems may be considered EXCEPT:

A. FM-200

B. Inert gas

C. Preaction

D. Deluge

178 TCSEC has been superseded by which standard?

A. Common Criteria

B. ITSEC

C. ISO 27002

D. DITSCAP

179 When is it prudent to perform a quantitative risk analysis?

A. When the probability of occurrence is low.

B. When the value of assets is high.

C. When the value of assets is low.

D. When the probability of occurrence is high.

180 Two users wish to establish a private communications link. The two users have never communicated before. What algorithm should be used to establish a symmetric encryption key?

A. Merkle

B. Diffie-Hellman

C. Babbage

D. RSA

181 The purpose of Layer 1 in the OSI model is to:

A. Transmit and receive bits.

B. Sequence packets and calculate checksums.

C. Perform application-to-application communications.

D. Transmit and receive frames.

182 The main reason for incorporating a CAPTCHA is:

A. To slow down brute-force attacks.

B. To prevent non-human interaction.

C. To improve application performance.

D. To reduce false positives.

183 A set of SQL statements that are stored in the database is known as a:

A. Callout

B. Subroutine

C. Prepared statement

D. Stored procedure

184 Two users have exchanged public keys. User A has encrypted a message with User B’s public key. What must User B do to read the message?

A. Decrypt the message with User A’s private key.

B. Decrypt the message with User A’s public key.

C. Decrypt the message with User B’s public key.

D. Decrypt the message with User B’s private key.

185 The USA PATRIOT Act:

A. Makes it illegal to encrypt international e-mail messages.

B. Makes it illegal to export strong encryption technology.

C. Gives law enforcement greater power of surveillance, search, and seizure.

D. Means judges no longer need to approve search warrants.

186 An organization has added bank account numbers to the data it backs up to tape. The organization should:

A. Back up only the hashes of bank account numbers and not the numbers themselves.

B. Split bank account numbers so they reside on two different backup tapes.

C. Stop sending backup tapes off-site.

D. Encrypt backup tapes that are sent off-site.

187 The purpose of a motion-sensing request-to-exit sensor on an exterior doorway is to:

A. Count the number of persons exiting the door.

B. Count the number of persons entering the door.

C. Unlock an exterior door and permit a person to exit.

D. Detect when a person is approaching an exterior exit from the inside.

188 The risks associated with outsourcing computing to the Cloud are all of the following EXCEPT:

A. Data ownership.

B. Data jurisdiction.

C. Control effectiveness.

D. Availability.

189 A system architect has designed a system that is protected with two layers of firewalls, where each firewall is a different make. This follows which security design principle?

A. Avoidance of a single point of failure

B. Defense in depth

C. Fail open

D. Fail closed

190 The range of all possible encryption keys is known as:

A. Keyrange.

B. Keyspace.

C. Elliptic curve.

D. Cryptospace.

191 2001:0F56:45E3:BA98 is a:

A. MAC address

B. IPv4 address

C. Subnet mask

D. IPv6 address

192 An authentication system does not limit the number of invalid login attempts. This system is:

A. Designed for machine interaction only.

B. Integrated with a single sign-on (SSO) service.

C. Vulnerable to brute-force attacks.

D. Not used to store sensitive data.

193 An attacker has discovered a way to change his permissions from an ordinary end user to an administrator. This type of attack is known as:

A. Back door.

B. Denial of Service.

C. Privilege injection.

D. Escalation of privilege.

194 A user has lost the password to his private key. The user should:

A. Create a new password for his private key

B. Decrypt his private key

C. Retrieve the password from his public key

D. Generate a new keypair

195 The burden of proof in U.S. criminal law is:

A. The preponderance of the evidence

B. Beyond a reasonable doubt

C. Beyond all doubt

D. Based on the opinion of the presiding judge

196 The best approach for patch management is:

A. Install only those patches that scanning tools specify are missing.

B. Install patches only after problems are experienced.

C. Install all available patches.

D. Perform risk analysis and install patches that are relevant.

197 In addition to video surveillance, how can a public reception area be best protected?

A. Duress alarm

B. Pepper spray

C. Hand signals

D. Emergency telephone numbers

198 The main weakness of a homogeneous environment is:

A. A variety of systems is more difficult to manage effectively.

B. Inconsistent management among systems in the environment.

C. A vulnerability in one system is likely to be found in all systems in the environment.

D. Port scans will take longer to complete.

199 A security manager has designed a building entrance that will lock doors in the event of a power failure. This follows which security design principle?

A. Avoidance of a single point of failure

B. Defense in depth

C. Fail open

D. Fail closed

200 An effective cryptosystem is all of the following EXCEPT:

A. Efficient.

B. Easy to crack.

C. Easy to use.

D. Strong, even if its algorithm is known.

201 255.255.0.0 is a:

A. MAC address

B. IPv4 address

C. Subnet mask

D. IPv6 address

202 The main reason for preventing password re-use is:

A. To increase password entropy.

B. To prevent a user from reverting to their old, familiar password.

C. To encourage users to use different passwords on different systems.

D. To prevent users from using the same passwords on different systems.

203 A software developer has introduced a feature in an application that permits him to access the application without the need to log in. This feature is known as a:

A. Bypass

B. Front door

C. Side door

D. Back door

204 A cryptosystem uses two-digit numerals to represent each character of a message. This is a:

A. Concealment cipher

B. Vernam cipher

C. Substitution cipher

D. Transposition cipher

205 California state law SB-1386:

A. Requires organizations to publish their privacy policies.

B. Requires organizations to encrypt bank account numbers.

C. Requires organizations to disclose security breaches to affected citizens.

D. Requires organizations to encrypt private data.

206 The purpose of penetration testing is to:

A. Simulate an attack by insiders.

B. Confirm the presence of application vulnerabilities.

C. Confirm the effectiveness of patch management.

D. Simulate a real attack and identify vulnerabilities.

207 An advantage of motion-sensing video surveillance recording over continuous recording is:

A. Date and time stamping on video frames.

B. Improved durability of storage media.

C. Lower cost of storage media.

D. Relevant content can be retained for a longer period of time.

208 The four basic requirements in the Orange Book are:

A. Security policy, assurance, accountability, and documentation.

B. Security policy, availability, accountability, and documentation.

C. Security policy, assurance, confidentiality, and documentation.

D. Security policy, assurance, accountability, and integrity.

209 A document that is unclassified:

A. Is a threat to national security.

B. Is not sensitive.

C. Is secret and must be protected.

D. Is not a threat to national security.

210 In a symmetric cryptosystem, two users who wish to exchange encrypted messages exchange cryptovariables. The next thing the users should do is:

A. Re-issue encryption keys.

B. Begin to exchange encrypted messages.

C. Change encryption algorithms.

D. Change to an asymmetric cryptosystem.

211 In the resource \usdb01symmdevsrc, usdb01 is a:

A. Server.

B. Directory.

C. File.

D. Network.

212 An attacker has obtained a file containing hashed passwords. The fastest way to crack the hashed passwords is:

A. Unsalt the hashes

B. Brute-force attack

C. Rainbow tables

D. Cryptanalysis

213 The best method for defending against cross-site request forgery (CSRF) attacks is:

A. Encrypt traffic with SSL/TLS.

B. Block JavaScript execution.

C. Filter input fields to reject injection strings.

D. Include a transaction confirmation step with every critical application function.

214 A cryptosystem uses a key that is the same length as the message. The key is used only for this message. This is a:

A. Transformation cipher.

B. Transposition cipher.

C. Substitution cipher.

D. Vernam cipher.

215 The purpose of the Sarbanes-Oxley Act of 2002 is to:

A. Restore investors’ confidence in U.S. companies.

B. Ensure privacy of all U.S. citizens.

C. Increase penalties for security breaches.

D. Reduce securities fraud.

216 A HIDS has all of the following disadvantages EXCEPT:

A. A server-based HIDS system cannot be a choke point like a NIDS/NIPS can.

B. A separate HIDS instance must be installed and maintained on every server.

C. HIDS can only perform signature-based detection, not anomaly-based detection.

D. It will not detect port scans on unused IP addresses.

217 The primary advantage for remote monitoring of datacenter access controls is:

A Local monitoring cannot identify all intrusions.

B Remote monitoring is more effective than local monitoring.

C Reduction of costs.

D It compensates for the possibility that personnel in the datacenter are unavailable or compromised.

218 TCSEC evaluation criteria are:

A Certification, inspection, and accreditation.

B Confidentiality, integrity, and availability.

C Measurement, guidance, and acquisition.

D System architecture, system integrity, and covert channel analysis.

219 A document that lists approved protocols is known as a:

A Process

B Procedure

C Guideline

D Standard

220 An encryption algorithm that rearranges bits, characters, or blocks of data is known as a:

A Substitution cipher.

B Transposition cipher.

C Vernam cipher.

D Concealment cipher.

221 Systems on an internal network have RFC 1918 network addresses. To permit these systems to communicate with systems on the Internet, what should be implemented on the firewall?

A NAT

B NAC

C NAP

D NAS

222 The purpose of a user account access review is:

A All of these.

B To ensure that employee terminations were properly processed.

C To ensure that all role assignments were properly approved.

D To ensure that assigned roles are still needed.

223 The most effective countermeasure for session hijacking is:

A Two-factor authentication.

B Strong passwords.

C Full disk encryption.

D Full session HTTPS encryption.

224 A cryptologist has determined that a cryptosystem has a weak PRNG. This can lead to:

A Compromise of the cryptosystem

B Increased performance of the cryptosystem

C Decreased performance of the cryptosystem

D Collisions

225 Recordkeeping that is related to the acquisition and management of forensic evidence is known as:

A Best evidence.

B Burden of proof.

C Chain of custody.

D Certification.

226 The purpose of audit trails includes all of the following EXCEPT:

A Event reconstruction.

B Investigation support.

C Enforcement of accountability.

D Data recovery.

227 In a datacenter that provides dual power feeds to each equipment rack, components with dual power supplies are connected to each power feed. Why should power circuits not be loaded over 40% capacity?

A To permit systems to be power-cycled without overloading circuits.

B To permit systems to be rebooted without overloading circuits.

C To permit power supplies to be swapped out.

D If one power feed fails, power draw on alternate circuits will double.

228 A web application that uses sequential session identifiers:

A Has high resilience.

B Has low resilience.

C Is vulnerable to session hijacking.

D Is not vulnerable to session hijacking.

229 All of the following statements about policies are true EXCEPT:

A They specify what should be done.

B They specify how something should be done.

C They should be reviewed annually.

D They are formal statements of rules.

230 An encryption algorithm that replaces bits, characters, or blocks in plaintext with alternate bits, characters, or blocks is known as a:

A Substitution cipher.

B Transposition cipher.

C Vernam cipher.

D Concealment cipher.

231 Two-factor authentication is preferred for VPN because:

A It is more resistant to a dictionary attack.

B It is more resistant to a replay attack.

C Encryption protects authentication credentials.

D Encryption protects encapsulated traffic.

232 An audit of user access has revealed that user accounts are not being locked when employees leave the organization. The best way to mitigate this finding is:

A Reset all account passwords.

B Lock all user accounts and require users to re-apply for access.

C Improve the termination process and perform monthly access reviews.

D Discipline the culpable personnel.

233 A blogging site allows users to embed JavaScript in the body of blog entries. This will allow what type of attack?

A Cross-frame scripting

B Cross-site request forgery

C Non-persistent cross-site scripting

D Persistent cross-site scripting

234 A system designer needs to choose a stream cipher to encrypt data. The designer should choose:

A 3DES

B AES

C RC1

D RC4

235 Evidence that is obtained through illegal means:

A May be used in a legal proceeding.

B May be used as indirect evidence.

C Cannot be used in a legal proceeding.

D Must be returned to its owner.

236 A particular type of security incident occurs frequently in an organization. What should be performed to reduce the frequency of these incidents?

A Audit log correlation

B Root cause analysis

C Incident forensics

D Six Sigma analysis

237 What procedure should be followed by personnel in case of fire in a datacenter?

A All personnel should remain to fight the fire.

B One person should remain behind and fight the fire.

C Collect backup media and evacuate.

D Immediate evacuation.

238 The following statements about the Common Criteria are true EXCEPT:

A It is the European version of ITSEC.

B It has been adopted as international standard ISO 15408.

C It contains eight levels of evaluation assurance.

D It supersedes TCSEC and ITSEC.

239 An organization has employees in many countries, where laws vary on the type of background checks that can be performed. The best approach for background checks is:

A Perform background checks only in those countries that permit reasonable checks.

B Perform the best background check in each country as permitted by law.

C Perform the same background check in all countries by performing only what is allowed in all of them.

D Do not perform background checks.

240 A disadvantage of a symmetric cryptosystem is:

A It is far less efficient than an asymmetric cryptosystem.

B Users who do not know each other will have difficulty securely exchanging keys.

C It is difficult to publish a public key.

D It is easy to publish a public key.

241 Two organizations exchange data via FTP. The best choice to make this more secure is:

A Change the FTP protocol to SFTP or FTPS.

B Encrypt transferred files with PGP.

C Change passwords more frequently.

D Change to longer, complex passwords.

242 An attacker is capturing a user’s keystrokes during authentication. The attacker may be preparing to launch a:

A Brute-force attack.

B Cryptanalysis attack.

C Replay attack.

D Denial of service attack.

243 Users in a company have received e-mail messages claiming to be from the company’s IT department with instructions on installing a security patch. The URL points to a page that resembles the company’s IT Helpdesk home page. This may be a:

A Whaling attack.

B Pharming attack.

C Phishing attack.

D Spear phishing attack.

244 A laptop containing several private encryption keys has been stolen. The owner of the encryption keys should:

A Generate new key pairs

B Change the keys’ passwords

C Change encryption algorithms

D No action is necessary

245 A company outsources its credit card processing to a third-party organization. The company should:

A Require the third-party organization to be PCI-compliant.

B Require the third-party organization to be GLBA-compliant.

C Sign a contract with the third-party organization.

D Perform penetration tests on the third party’s systems.

246 Administration of a centralized audit log server should be performed by:

A Database administrators.

B IT auditors.

C The same administrators who manage servers being logged.

D Separate administrators from those who administer servers being logged.

247 The ideal level of relative humidity for datacenter computing equipment is:

A Between 0% and 20%.

B Between 20% and 40%.

C 0%.

D Between 40% and 60%.

248 A security manager wishes to establish a set of access control rules that specify which organization job titles are permitted to have which roles in a system. The model that the security manager should use is:

A Access Matrix.

B Information Flow.

C Non-Interference.

D Biba.

249 A decision on how to resolve an identified risk is known as:

A Risk control.

B Risk treatment.

C Risk management.

D Risk mitigation.

250 The advantage of Cipher Block Chaining (CBC) is:

A Each block of ciphertext has a less random result.

B Each block of ciphertext has a more random result.

C Each block of ciphertext is encrypted separately.

D Each block of ciphertext is decrypted separately.

Answers

1 B. See Chapter 11. People and their safety always come first!

2 B. See Chapter 4. Mandatory access control is based on the user’s clearance level, the classification of the information, and the user’s need-to-know.

3 B. See Chapter 7. A data dictionary contains information about an application’s data structures, including table names, field names, indexes, and so on.

4 C. See Chapter 8. Cryptanalysis is the process of getting the key and/or the original message the hard way.

5 B. See Chapter 7. Robert Tappan Morris wrote and released what’s now known as the Internet Worm in 1988. Researcher Gene Spafford wrote several papers on the topic.

6 B. See Chapter 10. Preventive controls are designed to prevent a security incident.

7 C. See Chapter 13. The primary concern here is to keep intruders out, which is why computer room walls should extend from the true floor to the true ceiling.

8 C. See Chapter 9. Cache memory holds instructions and data that are likely to be frequently accessed. Cache memory is faster than RAM, so it can contribute to faster performance.

9 A. See Chapter 6. Separation of authority makes it difficult for an individual to steal an organization’s assets because it requires others to cooperate with the would-be criminal.

10 D. See Chapter 5. UDP has no guarantee of delivery, nor sequencing or acknowledgement.

11 A. See Chapter 11. Mutual aid agreements aren’t a significant concern of a Business Impact Assessment (BIA). They’re instead a part of contingency planning.

12 A. See Chapter 4. Identity-based access control is used to grant access to information based on the identity of the person requesting access.

13 A. See Chapter 7. A Service-Level Agreement (SLA) defines minimum performance metrics of an application or service.

14 D. See Chapter 8. Secret key cryptography is used when all parties possess a common key.

15 C. See Chapter 12. Forensics is the activity of discovering, preserving, and recording evidence.

16 A. See Chapter 10. Detective controls are designed to record security events.

17 C. See Chapter 13. Water cools the fuel to the point where the fire can’t continue. Also, to some extent, water is a physical barrier between the fuel and oxygen.

18 A. See Chapter 9. Firmware is software that’s seldom changed. Firmware is generally used to control low-level functions in computer hardware and embedded systems.

19 C. See Chapter 6. Open view is the act of leaving a classified document out in the open so that it can be viewed by anyone.

20 B. See Chapter 5. TCP adds unnecessary overhead. Streaming video can afford to lose a packet now and then.

21 C. See Chapter 11. Maximum Tolerable Downtime (MTD) is the length of time that an organization can tolerate critical processes being inoperative.

22 B. See Chapter 4. User-directed access control, a form of discretionary access control, permits the user to grant access to information based on certain limitations.

23 D. See Chapter 4. Cyclical Redundancy Checks (CRCs), parity checks, and checksums are examples of detective application controls because they’re designed to help discover security breaches (as well as network malfunctions and other undesired events) in a network.

24 C. See Chapter 8. In public key cryptography, the value of the public key doesn’t in any way betray the value of the secret key.

25 A. See Chapter 12. An expert witness offers his or her opinion based on the facts of the case and on personal expertise.

26 C. See Chapter 10. Corrective controls are used to resume business operations after a security incident.

27 A. See Chapter 13. Positive drains are those that carry liquids away from a building.

28 B. See Chapter 9. Memory protection is a machine-level security feature that prevents one program from being able to read or alter memory assigned to another program.

29 A. See Chapter 6. The information owner is ultimately responsible for the information asset and for its initial classification.

30 A. See Chapter 5. There are four layers in the TCP/IP model: Network Access, Internet, Transport, and Application.

31 B. See Chapter 11. Warm sites are mostly like hot sites, except that the organization’s software and data aren’t on the warm site’s systems.

32 C. See Chapter 4. Encryption, tokens, access control lists, and smart cards are examples of technical, or logical, controls.

33 C. See Chapter 7. Data mining is the term used to describe searches for correlations, patterns, and trends in a data warehouse.

34 A. See Chapter 8. In this cipher, the cryptographer writes across but reads down.

35 C. See Chapter 12. A witness testifies the facts as he or she understands them.

36 A. See Chapter 10. Covert channel analysis is used to detect, understand, and help security personnel to prevent the creation and operation of covert channels.

37 D. See Chapter 6. It’s infinitely better to find undesirable qualities, such as a criminal history, prior to making an employment decision.

38 A. See Chapter 9. The virtual memory model is used to create a memory space that’s larger than the available physical memory.

39 B. See Chapter 6. The custodian protects the information on behalf of its owner.

40 B. See Chapter 5. ARP is the Address Resolution Protocol.

41 D. See Chapter 11. The hot site already has computer equipment.

42 D. See Chapter 4. Administrative access controls consist of all the policies and procedures that are used to mitigate risk.

43 D. See Chapter 7. Object-oriented, relational, and network are types of databases.

44 C. See Chapter 8. Asymmetric cryptosystems are also known as public key cryptosystems.

45 A. See Chapter 12. Entrapment refers to the activities that lure an individual into committing a crime that he or she wouldn’t have otherwise committed.

46 D. See Chapter 10. Least privilege is the principle that states users should have access only to the data and functions required for their stated duties.

47 B. See Chapter 13. Building access systems don’t know why people are coming and going.

48 D. See Chapter 9. Open systems are those in which specifications are published and freely available, permitting any vendor to develop components that can be used with it.

49 A. See Chapter 6. Useful life, value, and age are some of the criteria used to classify information.

50 A. See Chapter 5. ARP is used to translate an IP address into a MAC address.

51 B. See Chapter 11. The Disaster Recovery Plan (DRP) must contain an up-to-date record of all critical business processes.

52 C. See Chapter 4. Physical access controls include security guards, locked doors, and surveillance cameras, as well as other controls such as backups, protection of cabling, and card-key access.

53 B. See Chapter 7. Neural networks are systems that can detect patterns after a period of training.

54 B. See Chapter 8. Steganography is the science of inserting messages into larger datasets so that the existence of the message is unknown.

55 D. See Chapter 12. Enticement is used to keep a criminal at the scene of the crime. In the context of electronic crime, a honeypot is a great way to keep an intruder sniffing around while his or her origin is traced.

56 B. See Chapter 10. Separation of duties is used to ensure that no single individual has too much privilege, which could lead to a security incident or fraud.

57 D. See Chapter 13. Tailgating is a common method used by someone who wants to enter a controlled area but has no authorization to do so.

58 C. See Chapter 9. In a distributed architecture, information isn’t centrally stored, but rather stored in a multitude of locations. The other answers are security issues in distributed architectures.

59 C. See Chapter 6. A senior management statement of security policy underscores the importance of and support for security.

60 B. See Chapter 5. RARP is used to translate a MAC address into an IP address.

61 A. See Chapter 11. Audits will uncover changes that are needed in the DRP.

62 D. See Chapter 4. Role-based access control and task-based access control are known as non-discretionary controls, which match information to roles or tasks, not individual users.

63 A. See Chapter 7. Unit testing is the testing of small modules of code, which is used to verify that the coding was done correctly.

64 C. See Chapter 8. Steganography can be difficult to detect visually in an image.

65 B. See Chapter 12. A honeypot is designed to keep an intruder sniffing around long enough for investigators to determine his or her origin and identity.

66 C. See Chapter 10. Installing system software is a system administrator function; the rest are security administrator functions.

67 B. See Chapter 13. Fail open refers to any controlling mechanism that remains in the unlocked position when it fails. In the case of controlled building entrances, anyone can enter the building.

68 B. See Chapter 9. TCB stands for Trusted Computing Base.

69 D. See Chapter 6. An advisory policy is required by the organization but is not mandated by a local or national government.

70 B. See Chapter 5. This is an IPv4 address.

71 C. See Chapter 11. A short Recovery Time Objective (RTO) usually requires a hot site because you have very little time available for setting up replacement systems.

72 D. See Chapter 4. Detective controls are those controls that are designed to detect security events, but can’t prevent them in the way that preventive controls can.

73 D. See Chapter 7. Requirements are the single largest input used in the high-level product design phase.

74 C. See Chapter 8. World War II saw a significant advancement in the science of cryptography. World War II became a war of cryptanalysis wherein each participant was sometimes able to break the code of the others, resulting in strategic advantages.

75 C. See Chapter 12. Issuing monitoring tools to all e-mail administrators isn’t a precaution at all — it’s not even a step that would be considered. The other items do need to occur before any monitoring is performed.

76 A. See Chapter 10. Rotation of duties is used to keep mixing up the teams in order to prevent situations in which individuals are tempted to perform unauthorized acts.

77 A. See Chapter 13. Fail closed refers to any controlling mechanism that remains in the locked position when it fails. In the case of controlled building entrances, no one can enter the building by normal means.

78 A. See Chapter 9. A Trusted Computing Base is the complete picture of protection used in a computer system.

79 A. See Chapter 6. A threat is a possible undesirable event that may cause harm or damage.

80 A. See Chapter 5. This is a MAC address.

81 D. See Chapter 11. A communications outage is considered a man-made disaster (although it can be caused by a naturally occurring event).

82 C. See Chapter 4. Preventive controls are controls that are used to prevent security events.

83 B. See Chapter 7. Going back one step for rework (of requirements, design, coding, testing — whatever the step is that needs to be reworked) was the main improvement of the Waterfall model. This is important because sometimes any of the steps may fail to consider something that the next step uncovers.

84 A. See Chapter 8. Non-repudiation helps to prove that a specific individual did create or sign a document, or did transmit data to or receive data from another individual.

85 A. See Chapter 12. Intellectual property laws apply to trade secrets, trademarks, copyrights, and patents.

86 C. See Chapter 10. Change management is the complete management function that controls changes made to a production environment.

87 B. See Chapter 13. Wet-pipe is the sprinkler system type in which water is always in the pipe.

88 B. See Chapter 9. Pipelining is the mechanism used to overlap the steps in machine instructions in order to complete them faster.

89 B. See Chapter 6. A vulnerability is a weakness that can permit an undesirable event.

90 C. See Chapter 5. Ping uses ICMP Echo Requests.

91 A. See Chapter 11. Remote journaling keeps data at an alternative site up-to-date at all times.

92 A. See Chapter 4. Identification is only the assertion of identity, whereas authentication is the proof of identity.

93 A. See Chapter 7. Security should be included in the earliest possible phases of a software development project. The requirements phase is the earliest among the choices offered.

94 A. See Chapter 8. Work function is the term used to describe the amount of time and/or money required to break a ciphertext.

95 A. See Chapter 12. Evidence gathered in violation of any laws can’t be admitted in court.

96 B. See Chapter 10. Configuration management is the support function that’s used to store version information about its systems.

97 C. See Chapter 13. Preaction, a combination of dry-pipe and wet-pipe, is increasingly popular in datacenters because it reduces the likelihood that a water discharge will actually occur — and a discharge will be limited to a small area in the datacenter.

98 D. See Chapter 9. FORTRAN, BASIC, and C are third-generation languages.

99 A. See Chapter 6. Safeguards exist to reduce risk in some way.

100 D. See Chapter 5. SMTP, or Simple Mail Transport Protocol, is used to send and receive e-mail messages.

101 C. See Chapter 11. Electronic vaulting is the term that describes backing up data over a communications line to another location.

102 A. See Chapter 4. Two-factor authentication requires any two of Type 1 (something you know), Type 2 (something you have), and Type 3 (something you are) authentication methods.

103 C. See Chapter 7. Veto power is unlikely, but the other choices listed are value-added features of change control.

104 B. See Chapter 8. The lack of a top-level (root) signature on a certificate results in warning messages stating that the certificate lacks a top-level signature.

105 C. See Chapter 12. Federal, state, and local laws cover computer crime. Depending on the crime, one or more levels of government may have jurisdiction.

106 D. See Chapter 10. Configuration management is used to preserve all prior settings or versions of software or hardware, as well as to provide a check out/check in capability to avoid collisions.

107 D. See Chapter 13. Dry-pipe systems take a few moments (at least) before water discharge begins.

108 A. See Chapter 9. An operating system (OS) manages computer hardware and presents a consistent interface to application programs and tools.

109 D. See Chapter 6. The purpose of risk analysis is to quantify the impact of a potential threat; in other words, to put a monetary value on the loss of information or functionality.

110 B. See Chapter 5. Because it encrypts and decrypts packets over the network, SSL consumes a lot of CPU time.

111 B. See Chapter 11. Off-site storage is merely an alternate location for storing back-up media.

112 D. See Chapter 4. Something you are refers to authentication that measures a biometric, which means something physical, such as a fingerprint, retina scan, or voiceprint.

113 A. See Chapter 7. The greatest value in the development life cycle is getting security requirements in at the beginning so that security will be “baked in.”

114 D. See Chapter 8. The Clipper Chip implemented a capability to provide encryption for users and also provided a legal wiretap capability.

115 B. See Chapter 12. Evidence may be seized only if law enforcement believes that it’s about to be destroyed (which the law calls exigent circumstances).

116 A. See Chapter 9. Erasure is seldom 100-percent effective. Despite complex and time-consuming methods, the slightest traces of data on media that have been erased may always remain.

117 A. See Chapter 13. Walls that go all the way up to the ceiling do a better job of keeping fires from spreading into or out of the datacenter.

118 B. See Chapter 9. Protection rings are layers of protection domains, with the most protected domain in the center.

119 B. See Chapter 6. Annualized Rate of Occurrence (ARO) is a risk management term that describes the likelihood of the occurrence of a threat.

120 D. See Chapter 5. Access control lists are used on firewalls, routers, and bastion hosts, but not on client systems (at least not for recording passwords!).

121 B. See Chapter 11. A high Recovery Point Objective (RPO) means that data on a recovered system will be older. A low Recovery Time Objective (RTO) means that the system will be recovered quickly.

122 B. See Chapter 4. Two-factor authentication requires any two of Type 1 (something you know), Type 2 (something you have), and Type 3 (something you are) authentication methods.

123 C. See Chapter 7. Configuration management produces a highly detailed record, including details of each and every copy of a software product that was created.

124 C. See Chapter 8. The famous device used by Germany to encrypt and decrypt secret messages was the Enigma.

125 C. See Chapter 12. Motive, means, and opportunity are the standard criteria when considering a possible suspect in a crime.

126 D. See Chapter 10. Software controls are used to protect software from unauthorized disclosure or tampering.

127 A. See Chapter 13. Dial-up alarms don’t detect fire; they respond to a fire detector and call the fire department by using a telephone line to play a prerecorded message.

128 A. See Chapter 9. The Orange Book was one of several books in the Rainbow Series, each describing various levels and contexts of computer security, and each with its own unique color.

129 B. See Chapter 6. Single Loss Expectancy (SLE) is the monetary value associated with an individual threat.

130 C. See Chapter 5. The DHCP (dynamic host configuration protocol) is used to assign IP addresses to stations that join a network.

131 B. See Chapter 11. A Business Impact Assessment (BIA) is used to determine the impact that different types of disasters have on critical business processes.

132 D. See Chapter 4. It’s reasonable for some employees to voice concerns regarding the cleanliness of a hand scanner that many employees will be using. Making hand-sanitizing agents available and requiring all users to use those hand sanitizers is a reasonable precaution to help prevent the spread of illnesses.

133 A. See Chapter 7. An application that has a script injection vulnerability needs to be modified so that data accepted in input fields is sanitized by removing script tags and other scripting commands.

134 A. See Chapter 8. Cryptography can be used for confidentiality (by encrypting a message), integrity (through the use of digital signatures), and authentication (through the use of digital signatures to prove the origin of a message). Cryptography isn’t used for performance.

135 A. See Chapter 12. The burden of proof in U.S. civil law is based on the preponderance of the evidence.

136 A. See Chapter 10. Periodic background checks can be used to discover any new events in an employee’s criminal or financial background, as well as uncover any criminal records that weren’t found in the initial background check.

137 B. See Chapter 13. A Class C fire extinguisher should be used in a datacenter; this type is most effective against electronics and electrical fires.

138 C. See Chapter 9. PDP-11, Intel x86, and Motorola 68000 are CISC design CPUs. SPARC is a RISC design CPU.

139 A. See Chapter 6. An architecture with parallel components generally is following the avoidance of a single point of failure.

140 A. See Chapter 5. Because it transmits light instead of electrical signals, fiber-optic cabling is virtually immune to RF and EMF environments.

141 C. See Chapter 11. When management has determined that a proposed disaster recovery architecture is too expensive, the project team needs to find less costly alternatives. If none can be found, the project team needs to inform management, who may approve of longer RPO and RTO targets that should be less costly.

142 B. See Chapter 4. A video surveillance system can be an effective deterrent control if its cameras are visible. Warning notices provide even greater deterrent ability.

143 C. See Chapter 7. Aggregation is the process of combining data, which can result in the creation of highly sensitive information.

144 C. See Chapter 8. A substitution cipher uses a lookup table for substituting one character for another.

145 D. See Chapter 12. Federal sentencing guidelines provide the range of possible monetary fines and length of imprisonment.

146 D. See Chapter 10. Separation of duties is the concept that supports a process design in which two or more individuals are required to perform a critical task. The classic example is the three activities carried out by three separate individuals in an accounting system: creating a payee, making a payment request, and making a payment.

147 A. See Chapter 13. To keep out determined intruders, an organization should consider fencing that’s at least eight feet in height and includes three strands of barbed wire.

148 B. See Chapter 9. Most computers’ main memory uses dynamic RAM (DRAM) or static RAM (SRAM).

149 D. See Chapter 6. A standards document defines the equipment brands, programming languages, communications protocols, and other components to be used in an organization.

150 D. See Chapter 5. Digital Subscriber Line has superseded ISDN in most areas. The other statements are false.

151 A. See Chapter 11. An RTO of 24 hours means a recovery system will be operational within 24 hours of a disaster. An RPO of 56 hours means the maximum data loss will be 56 hours.

152 B. See Chapter 4. When users are associated with their actions (which is usually achieved through audit logs), they’re made to be accountable.

153 A. See Chapter 7. It’s rarely possible to tune a database management system to provide adequate performance for both transaction processing and decision support. A separate data warehouse should be implemented, and that database tuned for that purpose. The original database should be tuned for optimum transaction processing performance.

154 A. See Chapter 8. AES (Advanced Encryption Standard) is based on the Rijndael block cipher.

155 A. See Chapter 12. A patent is the type of legal protection used for the design of a mechanism.

156 B. See Chapter 10. A position such as database administrator, network administrator, or system administrator usually has high privileges. The safest course of action when terminating the employment of a person in such a position is to terminate all access immediately after (or just prior to) notification.

157 C. See Chapter 13. Unless coupled with a PIN pad or biometric reader, any person can use a key card to enter a building.

158 A. See Chapter 9. Operating systems consist of a kernel, device drivers, and tools.

159 B. See Chapter 6. A procedure describes the steps used to complete a task.

160 A. See Chapter 5. The RIP (Routing Information Protocol) version 2 transmits passwords in plaintext. RIPv1 did not use passwords at all.

161 D. See Chapter 11. Only a licensed structural engineer is qualified to examine the structure of a building after an earthquake and determine whether that building can be safely used. The other parties aren’t qualified to make this assessment.

162 A. See Chapter 4. The term passphrase simply means a longer password. The longer a password, the more difficult it can be to crack.

163 C. See Chapter 7. Record locking is a mechanism used to arbitrate access to resources in multiuser applications.

164 A. See Chapter 8. In public key cryptography, a sender encrypts a message with the recipient’s public key; the recipient decrypts the message with the recipient’s private key.

165 C. See Chapter 12. An intruder who steals national security secrets in the U.S. is likely to be charged with a violation of the Computer Fraud and Abuse Act of 1986.

166 D. See Chapter 10. Classifying, or marking, is the term used to describe the action of including text such as Company Confidential on a document.

167 A. See Chapter 13. A wave pattern or capacitance motion detector would be a candidate for an area that experiences ambient noise.

168 A. See Chapter 9. The capability for end users to grant permissions to others corresponds to the discretionary access control (DAC) model.

169 A. See Chapter 6. The basic relationship between threat, vulnerability, and risk is that the risk is equal to the threat times the vulnerability.

170 C. See Chapter 5. WPA2 with AES has not been compromised.

171 A. See Chapter 11. The purpose of a software escrow agreement (also known as a source code escrow agreement) is the secure off-site storage of software source code in the event of a disaster or the complete failure of the organization.

172 C. See Chapter 4. Non-repudiation is a property of a system to be able to prevent a subject from denying that he or she performed an action. This is accomplished through strong authentication and audit (or transaction) logging.

173 D. See Chapter 7. An organization should develop requirements that define the desired characteristics of an application that it will consider purchasing.

174 D. See Chapter 8. For two parties that have not communicated before, a symmetric encryption key must be sent from one party to another through an out-of-band channel. For example, an encryption key for network communications should be sent via fax or courier.

175 C. See Chapter 12. An organization that doesn’t want to disclose a method can’t file a copyright, trademark, or patent because these filings would disclose the method. Instead, the organization must carefully guard the method and consider it a trade secret.

176 D. See Chapter 10. Espionage is the process of spying on an organization in order to discover its military or industrial secrets.

177 D. See Chapter 13. Fire suppression in a commercial datacenter may include an inert gas system, FM-200 (which is one commercial brand of an inert gas system), or preaction (if local fire codes require some type of a water sprinkler system). A deluge system would never be considered.

178 A. See Chapter 9. The Trusted Computer System Evaluation Criteria (TCSEC) has been superseded by the Common Criteria.

179 B. See Chapter 6. A quantitative risk analysis is more difficult and time-consuming to perform, and is usually done only on high-value assets.

180 B. See Chapter 8. The Diffie-Hellman (DH) key exchange algorithm permits the safe establishment of a symmetric encryption key over a communications channel.

181 A. See Chapter 5. Layer 1 of the OSI model is concerned only with sending and receiving bits.

182 B. See Chapter 4. The primary reason for using CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is to ensure that a human is interacting with an application.

183 D. See Chapter 7. A stored procedure is a set of one or more SQL statements that are stored in the database management system, usually in the data dictionary.

184 D. See Chapter 8. In public key cryptography, a sender encrypts a message with the recipient’s public key. The recipient decrypts the message with his own private key.

185 C. See Chapter 12. The USA PATRIOT Act gives law enforcement organizations greater search and seizure powers, primarily to combat terrorism.

186 D. See Chapter 10. An organization that backs up sensitive data such as bank account numbers should consider encrypting its backup media.

187 D. See Chapter 13. The purpose of a request-to-exit (REX) sensor is to detect when a person is approaching a doorway — usually an exterior exit door from the inside. If an exterior door is opened from the outside without the use of a key card and without a person inside the door, then the door is assumed to have been opened with a key or forced open by an intruder.

188 A. See Chapter 9. Data jurisdiction, control effectiveness, and availability are risks associated with cloud computing. Data ownership is not usually an issue.

189 B. See Chapter 6. A network that uses two different makes of firewalls follows the principle of defense in depth. A weakness in one firewall is not likely to be present in the other.

190 B. See Chapter 8. The complete range of possible keys in a cryptosystem is known as the keyspace.

191 D. See Chapter 5. 2001:0F56:45E3:BA98 is an IPv6 address.

192 C. See Chapter 4. A system that does not limit the number of invalid login attempts is vulnerable to mechanized password guessing attacks. The attacker can attempt to log in thousands of times until the correct password is discovered.

193 D. See Chapter 7. An attack that results in increased permissions is known as escalation of privilege.

194 D. See Chapter 8. If a user has lost the password to his private key, the key can no longer be used; the user must generate a new keypair.

195 B. See Chapter 12. The burden of proof in U.S. criminal law is “beyond a reasonable doubt.”

196 D. See Chapter 10. The best approach for patch management is to perform risk analysis on each patch, and install those that are relevant. Applying all available patches consumes more resources and may reduce system integrity.

197 A. See Chapter 13. A duress alarm can be used to signal other personnel that there is an emergency in a specific area of a building.

198 C. See Chapter 9. The main weakness of a homogeneous environment is that all of the systems are the same. If one system has a vulnerability or weakness, many or all of the other systems in the environment are likely to have the same vulnerability or weakness.

199 D. See Chapter 6. A system that blocks all access in the event of a power failure (or other type of failure) follows the principle of fail closed.

200 B. See Chapter 8. An effective cryptosystem is easy to use, strong even if its algorithm is known, and makes efficient use of resources. A cryptosystem that is easily broken is not effective.

201 C. See Chapter 5. 255.255.0.0 is an IPv4 subnet mask.

202 B. See Chapter 4. Preventing password re-use discourages users from reverting to familiar passwords; such re-use can slightly increase the risk of system compromise.

203 D. See Chapter 7. A back door is a feature that permits covert access to a system, usually through bypassing access controls.

204 C. See Chapter 8. A cryptosystem where message characters are converted to two-digit numerals is a substitution cipher, because ciphertext characters are substituted for message characters.

205 C. See Chapter 12. The California Security Breach Information Act, SB-1386, requires organizations to disclose security breaches of specific personal data to all affected citizens, unless that data was encrypted. The law does not require that any data be encrypted.

206 D. See Chapter 10. The purpose of penetration testing is to simulate an attack by malicious outsiders or insiders who may be attempting to compromise a target system.

207 D. See Chapter 13. In a motion-sensing surveillance system, only content with actual motion is recorded. This enables content to be retained for a greater period of time, because periods with no activity are not recorded.

208 A. See Chapter 9. The four basic requirements described in the Orange Book are security policy, assurance, accountability, and documentation.

209 B. See Chapter 6. A document that is unclassified does not contain sensitive information.

210 B. See Chapter 8. When two users have exchanged cryptovariables (also known as encryption keys), they may begin exchanging encrypted messages.

211 A. See Chapter 5. In the Uniform Naming Convention (UNC) path \\usdb01\symmdevsrc, usdb01 is the name of a server.

212 C. See Chapter 4. An attacker who obtains a list of hashed passwords may be able to use a rainbow table to simply find the matching hashes and learn their corresponding passwords.

213 D. See Chapter 7. The best defense against cross-site request forgery (CSRF) attacks is to include subsequent steps such as transaction confirmation.

214 D. See Chapter 8. A Vernam cipher, or one-time pad, is a cryptosystem where the encryption key is the same length as the message and is used only one time, for that message alone.

215 A. See Chapter 12. The purpose of the Sarbanes-Oxley Act of 2002 is to renew public trust in U.S. public companies by strengthening company controls related to financial reporting.

216 C. See Chapter 10. Because it has to be installed on every host, an organization may have many HIDS systems to maintain. And, because HIDS runs on individual hosts, a HIDS system cannot act as a network choke point in the way a network-based IDS can. A HIDS system can only detect traffic sent directly to any host it’s running on.

217 D. See Chapter 13. One of the main reasons for employing remote monitoring of physical access controls in a datacenter is the ability to observe physical access controls even if local staff are unavailable or compromised.

218 C. See Chapter 9. TCSEC (Orange Book) system evaluation criteria are measurement, guidance, and acquisition.

219 D. See Chapter 6. A document that lists approved protocols, technologies, or suppliers is known as a standard.

220 B. See Chapter 8. An encryption algorithm that rearranges bits, characters, or blocks of data is known as a transposition cipher, because it transposes data.

221 A. See Chapter 5. In order to facilitate communication to the Internet on systems with RFC 1918 (private) addresses, implement NAT (network address translation) on a firewall.

222 A. See Chapter 4. A user account access review can serve many purposes, including making sure that employee terminations resulted in timely access terminations, that all user roles were properly approved, and that users still require their access roles.

223 D. See Chapter 7. Session hijacking occurs when an attacker obtains session cookies from a victim user. Full session encryption with HTTPS is an effective countermeasure, since attackers will not be able to obtain session cookies.

224 A. See Chapter 8. A weak pseudo-random number generator (PRNG) may result in a weak cryptosystem that can be broken through cryptanalysis.

225 C. See Chapter 12. The Chain of Custody is the recordkeeping that describes the handling of forensic evidence in support of an investigation.

226 D. See Chapter 10. Audit trails support event reconstruction, investigation support, problem identification, and enforcement of accountability. Audit trails are not used for recovery purposes.

227 D. See Chapter 13. When dual power supply components are connected to different circuits, those circuits should not be loaded to more than 40% of capacity. If one power circuit fails, the other circuit can expect its load to increase to 80%.

228 C. See Chapter 9. A web application that uses sequential session identifiers is vulnerable to a state attack, where an attacker can easily guess other session identifiers and attempt to steal other users’ sessions.

229 B. See Chapter 6. Policies are formal statements of business rules; they specify what should be done, but not how it should be done. Policies should be reviewed periodically.

230 A. See Chapter 8. An encryption algorithm that replaces bits, characters, or blocks of data is known as a substitution cipher.

231 A. See Chapter 5. Two-factor authentication is preferred for VPN because it is more resistant to a dictionary attack.

232 C. See Chapter 4. When it has been discovered that many user accounts were not locked for users who left the organization, the termination process should be improved by whatever means necessary. Monthly access reviews will help to ensure that process changes are effective.

233 D. See Chapter 7. Any site that permits users to embed JavaScript is susceptible to cross-site scripting (XSS) attacks.

234 D. See Chapter 8. A system designer in need of a stream cipher should choose RC4. The other ciphers are block ciphers.

235 C. See Chapter 12. Any evidence obtained through illegal means cannot be used in any legal proceeding.

236 B. See Chapter 10. If a specific type of incident occurs over and over, root cause analysis should be performed so that the factors responsible for incident recurrence can be corrected.

237 D. See Chapter 13. In case of a fire in a datacenter, personnel should evacuate immediately. Personnel safety is the highest priority in a datacenter.

238 A. See Chapter 9. The Common Criteria has been adopted as international standard ISO 15408; it contains eight levels of evaluation assurance, and it supersedes TCSEC and ITSEC.

239 B. See Chapter 6. An organization should perform the best background check available and permitted by law in each country.

240 B. See Chapter 8. In a symmetric cryptosystem, both users must possess the same encryption key. If these users do not know each other, it may be difficult to securely exchange a key.

241 A. See Chapter 5. The best choice for making an FTP connection more secure is to change to FTPS or SFTP. Encrypting the payload does not protect authentication credentials.

242 C. See Chapter 4. An attacker who is able to record the keystrokes of a user logging in to a system is preparing to launch a replay attack.

243 D. See Chapter 7. An e-mail-based attack that points users to a website that resembles a company’s own website is a spear phishing attack, because it is targeting users in a specific organization.

244 A. See Chapter 8. If a laptop containing private encryption keys has been stolen, the attacker may be able to guess the passwords for private keys and compromise the cryptosystem. The owner of the encryption keys should generate new key pairs.

245 A. See Chapter 12. Any company that outsources credit card processing to another organization should require the organization to be PCI-compliant.

246 D. See Chapter 10. Personnel who administer centralized audit log servers should be different from those who administer the systems being logged. Otherwise, administrators would be able to manipulate the contents of audit log servers and cover up their activities.

247 D. See Chapter 13. The ideal level for relative humidity in a datacenter is between 40% and 60%. If humidity falls below 40%, there is risk of static discharge that can damage computing equipment. If the humidity rises above 60%, condensation can damage computing equipment.

248 A. See Chapter 9. The access model described here is the Access Matrix, which specifies which persons (or job titles) are permitted to access which system roles.

249 B. See Chapter 6. A decision on how to resolve an identified risk is known as risk treatment.

250 B. See Chapter 8. In Cipher Block Chaining (CBC), each plaintext block is XORed with the ciphertext of the preceding block, making it more random.
