Chapter 9
Practice Test 1

  1. NIST SP800-53 discusses a set of security controls as what type of security tool?

    1. A configuration list
    2. A threat management strategy
    3. A baseline
    4. The CIS standard
  2. Ed has been tasked with identifying a service that will provide a low-latency, high-performance, and high-availability way to host content for his employer. What type of solution should he seek out to ensure that his employer’s customers around the world can access their content quickly, easily, and reliably?

    1. A hot site
    2. A CDN
    3. Redundant servers
    4. A P2P CDN
  3. Which one of the following is not a function of a forensic device controller?

    1. Preventing the modification of data on a storage device
    2. Returning data requested from the device
    3. Reporting errors sent by the device to the forensic host
    4. Blocking read commands sent to the device
  4. Mike is building a fault-tolerant server and wishes to implement RAID 1. How many physical disks are required to build this solution?

    1. 1
    2. 2
    3. 3
    4. 5
  5. Which Kerberos service generates a new ticket and session keys and sends them to the client?

    1. KDC
    2. TGT
    3. AS
    4. TGS
  6. Communication systems that rely on start and stop flags or bits to manage data transmission are known as what type of communication?

    1. Analog
    2. Digital
    3. Synchronous
    4. Asynchronous
  7. What type of motion detector uses high microwave frequency signal transmissions to identify potential intruders?

    1. Infrared
    2. Heat-based
    3. Wave pattern
    4. Capacitance
  8. Susan sets up a firewall that keeps track of the status of the communication between two systems, and allows a remote system to respond to a local system after the local system starts communication. What type of firewall is Susan using?

    1. A static packet filtering firewall
    2. An application-level gateway firewall
    3. A stateful packet inspection firewall
    4. A circuit-level gateway firewall

    Questions 9–11 refer to the following scenario:

    Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer grade wireless router and a cable modem connected via a commercial cable data contract. Using this information about Ben’s network, answer the following questions.

  9. How can Ben provide access control for his customers without having to provision user IDs before they connect while also gathering useful contact information for his business purposes?

    1. WPA2 PSK
    2. A captive portal
    3. Require customers to use a publicly posted password like “BensCoffee.”
    4. Port security
  10. Ben intends to run an open (unencrypted) wireless network. How should he connect his business devices?

    1. Run WPA2 on the same SSID.
    2. Set up a separate SSID using WPA2.
    3. Run the open network in Enterprise mode.
    4. Set up a separate wireless network using WEP.
  11. After implementing the solution from the first question, Ben receives a complaint about users in his cafe hijacking other customers’ web traffic, including using their usernames and passwords. How is this possible?

    1. The password is shared by all users, making traffic vulnerable.
    2. A malicious user has installed a Trojan on the router.
    3. A user has ARP spoofed the router, making all traffic broadcast to all users.
    4. Open networks are unencrypted, making traffic easily sniffable.
  12. Which one of the following is not a mode of operation for the Data Encryption Standard?

    1. CBC
    2. CFB
    3. OFB
    4. AES
  13. Tom is tuning his security monitoring tools in an attempt to reduce the number of alerts received by administrators without missing important security events. He decides to configure the system to only report failed login attempts if there are five failed attempts to access the same account within a one-hour period of time. What term best describes the technique that Tom is using?

    1. Thresholding
    2. Sampling
    3. Account lockout
    4. Clipping
  14. Sally has been tasked with deploying an authentication, authorization, and accounting server for wireless network services in her organization, and needs to avoid using proprietary technology. What technology should she select?

    1. OAuth
    2. RADIUS
    3. TACACS
    4. TACACS+
  15. An accounting clerk for Christopher’s Cheesecakes does not have access to the salary information for individual employees but wanted to know the salary of a new hire. He pulled total payroll expenses for the pay period before the new person was hired and then pulled the same expenses for the following pay period. He computed the difference between those two amounts to determine the individual’s salary. What type of attack occurred?

    1. Aggregation
    2. Data diddling
    3. Inference
    4. Social engineering
  16. Alice would like to have read permissions on an object and knows that Bob already has those rights and would like to give them to herself. Which one of the rules in the Take-Grant protection model would allow her to complete this operation if the relationship exists between Alice and Bob?

    1. Take rule
    2. Grant rule
    3. Create rule
    4. Remote rule
  17. During a log review, Danielle discovers a series of logs that show login failures:

    Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=aaaaaaaa
    Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=aaaaaaab
    Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=aaaaaaac
    Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=aaaaaaad
    Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=aaaaaaad

    What type of attack has Danielle discovered?

    1. A pass-the-hash attack
    2. A brute-force attack
    3. A man-in-the-middle attack
    4. A dictionary attack
  18. What property of a relational database ensures that two executing transactions do not affect each other by storing interim results in the database?

    1. Atomicity
    2. Isolation
    3. Consistency
    4. Durability
  19. Kim is the system administrator for a small business network that is experiencing security problems. She is in the office in the evening working on the problem and nobody else is there. As she is watching, she can see that systems on the other side of the office that were previously behaving normally are now exhibiting signs of infection. What type of malware is Kim likely dealing with?

    1. Virus
    2. Worm
    3. Trojan horse
    4. Logic bomb
  20. Which one of the following attack types takes advantage of a vulnerability in the network fragmentation function of some operating systems?

    1. Smurf
    2. Land
    3. Teardrop
    4. Fraggle
  21. Which of the following sequences properly describes the TCP 3-way handshake?

    1. SYN, ACK, SYN/ACK
    2. PSH, RST, ACK
    3. SYN, SYN/ACK, ACK
    4. SYN, RST, FIN
  22. Which one of the following technologies is not normally a capability of Mobile Device Management (MDM) solutions?

    1. Remotely wiping the contents of a mobile device
    2. Assuming control of a nonregistered BYOD mobile device
    3. Enforcing the use of device encryption
    4. Managing device backups
  23. Jim is implementing an IDaaS solution for his organization. What type of technology is he putting in place?

    1. Identity as a Service
    2. Employee ID as a service
    3. Cloud based RADIUS
    4. OAuth
  24. Gina recently took the CISSP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)2 code of ethics is most directly violated in this situation?

    1. Advance and protect the profession.
    2. Act honorably, honestly, justly, responsibly, and legally.
    3. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
    4. Provide diligent and competent service to principals.
  25. Gordon is conducting a risk assessment for his organization and determined the amount of damage that flooding is expected to cause to his facilities each year. What metric has Gordon identified?

    1. ALE
    2. ARO
    3. SLE
    4. EF
  26. Greg would like to implement application control technology in his organization. He would like to limit users to installing only approved software on their systems. What type of application control would be appropriate in this situation?

    1. Blacklisting
    2. Graylisting
    3. Whitelisting
    4. Bluelisting
  27. Frank is the security administrator for a web server that provides news and information to people located around the world. His server received an unusually high volume of traffic that it could not handle and was forced to reject requests. Frank traced the source of the traffic back to a botnet. What type of attack took place?

    1. Denial of service
    2. Reconnaissance
    3. Compromise
    4. Malicious insider
  28. In the database table shown here, which column would be the best candidate for a primary key?

    1. Company ID
    2. Company Name
    3. ZIP Code
    4. Sales Rep
  29. Information about an individual like their name, Social Security number, date and place of birth, or their mother’s maiden name is an example of what type of protected information?

    1. PHI
    2. Proprietary Data
    3. PII
    4. EDI
  30. Bob is configuring egress filtering on his network, examining traffic destined for the Internet. His organization uses the public address range 12.8.195.0/24. Packets with which one of the following destination addresses should Bob permit to leave the network?

    1. 12.8.195.15
    2. 10.8.15.9
    3. 192.168.109.55
    4. 129.53.44.124
  31. How many possible keys exist in a cryptographic algorithm that uses 6-bit encryption keys?

    1. 12
    2. 16
    3. 32
    4. 64
  32. What problem drives the recommendation to physically destroy SSD drives to prevent data leaks when they are retired?

    1. Degaussing only partially wipes the data on SSDs.
    2. SSDs don’t have data remanence.
    3. SSDs are unable to perform a zero fill.
    4. The built-in erase commands are not completely effective on some SSDs.
  33. GAD Systems is concerned about the risk of hackers stealing sensitive information stored on a file server. They choose to pursue a risk mitigation strategy. Which one of the following actions would support that strategy?

    1. Encrypting the files
    2. Deleting the files
    3. Purchasing cyberliability insurance
    4. Taking no action
  34. How should samples be generated when assessing account management practices?

    1. They should be generated by administrators.
    2. The last 180 days of accounts should be validated.
    3. Sampling should be conducted randomly.
    4. Sampling is not effective, and all accounts should be audited.
  35. The International Safe Harbor Privacy Principles include seven tenets. Which of the following lists correctly identifies all seven?

    1. Awareness, selection, control, security, data integrity, access, enforcement
    2. Notice, choice, onward transfer, security, data integrity, access, enforcement
    3. Privacy, security, control, notification, data integrity, access, enforcement
    4. Submission, editing, updates, confidential, integrity, security, access
  36. In what type of software testing does the attacker have complete knowledge of the system implementation prior to beginning the test?

    1. Black box
    2. Blue box
    3. Gray box
    4. White box
  37. What type of log is shown in the figure?

    Screenshot shows log entries such as GET /forum/viewtopic.php?f=4&t=25630 HTTP/1.1 and Mozilla/5.0 (compatible; Linux x86_64; Mail.RU_Bot/2.0; +http://go.mail.ru/help/robots).

    1. Firewall log
    2. Change log
    3. Application log
    4. System log
  38. Captain Crunch, a famous phone phreak, was known for using a toy whistle to generate the 2600 Hz tones that phone trunk systems used to communicate. What is the common name for a phreaking tool with this capability?

    1. A black box
    2. A red box
    3. A blue box
    4. A white box
  39. When an attacker calls an organization’s help desk and persuades them to reset a password for them due to the help desk employee’s trust and willingness to help, what type of attack succeeded?

    1. A human Trojan
    2. Social engineering
    3. Phishing
    4. Whaling
  40. When a user attempts to log into their online account, Google sends a text message with a code to their cell phone. What type of verification is this?

    1. Knowledge-based authentication
    2. Dynamic knowledge–based authentication
    3. Out-of-band identity proofing
    4. Risk-based identity proofing
  41. What mathematical operation, when substituted for the blank lines shown here, would make the equations correct?

    The figure shows four equations with the operator left blank: 8 ___ 6 = 2, 8 ___ 4 = 0, 10 ___ 3 = 1, and 10 ___ 2 = 0.

    1. MOD
    2. XOR
    3. NAND
    4. DIV

    Questions 42–44 refer to the following scenario:

    The organization that Ben works for has a traditional onsite Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using Software as a Service applications to replace their internally developed software stack.

    Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following questions about the identity recommendations Ben should make.

    Diagram shows employee workstations, active directory, CRM and database are connected to internet through internal network and secure border. Internet is also connected to business partner and ecommerce application.
  42. If availability of authentication services is the organization’s biggest priority, what type of identity platform should Ben recommend?

    1. Onsite
    2. Cloud based
    3. Hybrid
    4. Outsourced
  43. If Ben needs to share identity information with the business partner shown, what should he investigate?

    1. Single sign-on
    2. Multifactor authentication
    3. Federation
    4. IDaaS
  44. What technology is likely to be involved when Ben’s organization needs to provide authentication and authorization assertions to their e-commerce cloud partner?

    1. Active Directory
    2. SAML
    3. RADIUS
    4. SPML
  45. Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to defend his organization against the use of rainbow tables. Which one of the following techniques is specifically designed to frustrate the use of rainbow tables?

    1. Password expiration policies
    2. Salting
    3. User education
    4. Password complexity policies
  46. Which one of the following is a single system designed to attract attackers because it seemingly contains sensitive information or other attractive resources?

    1. Honeynet
    2. Darknet
    3. Honeypot
    4. Pseudoflaw
  47. When evaluating biometric devices, what is another term used to describe the equal error rate?

    1. FAR
    2. FRR
    3. CER
    4. ERR
  48. A smart card is an example of what type of authentication factor?

    1. Type 1
    2. Type 2
    3. Type 3
    4. Type 4
  49. Sean suspects that an individual in his company is smuggling out secret information despite his company’s careful use of data loss prevention systems. He discovers that the suspect is posting photos, including the one shown here, to public Internet message boards. What type of technique may the individual be using to hide messages inside this image?

    Photograph shows two ancient coins.
    1. Watermarking
    2. VPN
    3. Steganography
    4. Covert timing channel
  50. Roger is concerned that a third-party firm hired to develop code for an internal application will embed a backdoor in the code. The developer retains rights to the intellectual property and will only deliver the software in its final form. Which one of the following languages would be least susceptible to this type of attack because it would provide Roger with code that is human-readable in its final form?

    1. JavaScript
    2. C
    3. C++
    4. Java
  51. Jesse is looking at the /etc/passwd file on a system configured to use shadowed passwords. What should she expect to see in the password field of this file?

    1. Plaintext passwords
    2. Encrypted passwords
    3. Hashed passwords
    4. x
  52. Ping of Death, Smurf attacks, and ping floods all abuse features of what important protocol?

    1. IGMP
    2. UDP
    3. IP
    4. ICMP
  53. What principle states that an individual should make every effort to complete his or her responsibilities in an accurate and timely manner?

    1. Least privilege
    2. Separation of duties
    3. Due care
    4. Due diligence
  54. Cable modems, ISDN, and DSL are all examples of what type of technology?

    1. Baseband
    2. Broadband
    3. Digital
    4. Broadcast
  55. What penetration testing technique can best help assess training and awareness issues?

    1. Port scanning
    2. Discovery
    3. Social engineering
    4. Vulnerability scanning
  56. Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many disks may fail without the loss of data?

    1. 0
    2. 1
    3. 2
    4. 3
  57. Data is sent as bits at what layer of the OSI model?

    1. Transport
    2. Network
    3. Data Link
    4. Physical
  58. Bert is considering the use of an infrastructure as a service cloud computing partner to provide virtual servers. Which one of the following would be a vendor responsibility in this scenario?

    1. Maintaining the hypervisor
    2. Managing operating system security settings
    3. Maintaining the host firewall
    4. Configuring server access control
  59. When Ben records data, then replays it against his test website to verify how it performs based on a real production workload, what type of performance monitoring is he undertaking?

    1. Passive
    2. Proactive
    3. Reactive
    4. Replay
  60. What technology ensures that an operating system allocates separate memory spaces used by each application on a system?

    1. Abstraction
    2. Layering
    3. Data hiding
    4. Process isolation
  61. Alan is considering the use of new identification cards in his organization that will be used for physical access control. He comes across a sample card and is unsure of the technology. He breaks it open and sees the following internal construction. What type of card is this?

    Photograph shows a passive proximity card with the plastic casing opened to show components such as antenna coil and integrated circuit.
    1. Smart card
    2. Proximity card
    3. Magnetic stripe
    4. Phase-two card
  62. Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose?

    1. Full interruption test
    2. Checklist review
    3. Parallel test
    4. Tabletop exercise
  63. Which one of the following is not a principle of the Agile approach to software development?

    1. The best architecture, requirements, and designs emerge from self-organizing teams.
    2. Deliver working software infrequently, with an emphasis on creating accurate code over longer timelines.
    3. Welcome changing requirements, even late in the development process.
    4. Simplicity is essential.
  64. During a security audit, Susan discovers that the organization is using hand geometry scanners as the access control mechanism for their secure data center. What recommendation should Susan make about the use of hand geometry scanners?

    1. They have a high FRR, and should be replaced.
    2. A second factor should be added because they are not a good way to reliably distinguish individuals.
    3. The hand geometry scanners provide appropriate security for the data center and should be considered for other high-security areas.
    4. They may create accessibility concerns and an alternate biometric system should be considered.
  65. Colleen is conducting a business impact assessment for her organization. What metric provides important information about the amount of time that the organization may be without a service before causing irreparable harm?

    1. MTD
    2. ALE
    3. RPO
    4. RTO
  66. An attack that changes a symlink on a Linux system between the time that an account’s rights to the file are verified and the file is accessed is an example of what type of attack?

    1. Unlinking
    2. Tick/tock
    3. setuid
    4. TOC/TOU
  67. An authentication factor that is “something you have,” and that typically includes a microprocessor and one or more certificates, is what type of authenticator?

    1. A smart card
    2. A token
    3. A Type I validator
    4. A Type III authenticator
  68. What term best describes an attack that relies on stolen or falsified authentication credentials to bypass an authentication mechanism?

    1. Spoofing
    2. Replay
    3. Masquerading
    4. Modification
  69. What speed is a T1 line?

    1. 64 Kbps
    2. 128 Kbps
    3. 1.544 Mbps
    4. 44.736 Mbps
  70. Owen recently designed a security access control structure that prevents a single user from simultaneously holding the role required to create a new vendor and the role required to issue a check. What principle is Owen enforcing?

    1. Two-person control
    2. Least privilege
    3. Separation of duties
    4. Job rotation
  71. Denise is preparing for a trial relating to a contract dispute between her company and a software vendor. The vendor is claiming that Denise made a verbal agreement that amended their written contract. What rule of evidence should Denise raise in her defense?

    1. Real evidence rule
    2. Best evidence rule
    3. Parol evidence rule
    4. Testimonial evidence rule
  72. While Lauren is monitoring traffic on two ends of a network connection, she sees traffic that is inbound to a public IP address show up inside of the production network bound for an internal host that uses an RFC 1918 reserved address. What technology should she expect is in use at the network border?

    1. NAT
    2. VLANs
    3. S/NAT
    4. BGP
  73. Which of the following statements about SSAE-16 is not true?

    1. It mandates a specific control set.
    2. It is an attestation standard.
    3. It is used for external audits.
    4. It uses a framework, including SOC 1, SOC 2, and SOC 3 reports.
  74. What does a constrained user interface do?

    1. It prevents unauthorized users from logging in.
    2. It limits the data visible in an interface based on the content.
    3. It limits the access a user is provided based on what activity they are performing.
    4. It limits what users can do or see based on privileges.
  75. Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it should take to restore a particular IT service after an outage. What variable is Greg calculating?

    1. MTO
    2. RTO
    3. RPO
    4. SLA
  76. In object-oriented programming, what type of variable exists only once and shares the same value across all instances of an object?

    1. Instance variable
    2. Member variable
    3. Class variable
    4. Global variable
  77. What type of fire extinguisher is useful against liquid-based fires?

    1. Class A
    2. Class B
    3. Class C
    4. Class D
  78. The company Chris works for has notifications posted at each door reminding employees to be careful not to allow other people to enter when they do. Which type of control best describes this?

    1. Detective
    2. Physical
    3. Preventive
    4. Directive
  79. Which one of the following principles is not included in the International Safe Harbor Provisions?

    1. Access
    2. Security
    3. Enforcement
    4. Nonrepudiation
  80. What group is eligible to receive safe harbor protection under the terms of the Digital Millennium Copyright Act (DMCA)?

    1. Music producers
    2. Book publishers
    3. Internet service providers
    4. Banks
  81. Alex is the system owner for the HR system at a major university. According to NIST SP 800-18, what action should he take when a significant change occurs in the system?

    1. He should develop a data confidentiality plan.
    2. He should update the system security plan.
    3. He should classify the data the system contains.
    4. He should select custodians to handle day-to-day operational tasks.

    Questions 82–84 refer to the following scenario:

    Alex has been with the university he works at for over 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications. Using the provisioning diagram shown here, answer the following questions.

    Diagram shows device A is connected to provisioning system at the center which is connected to application servers, database servers, active directory enabled workstations, directory server and incident management system.
  82. If Alex hires a new employee and the employee’s account is provisioned after HR manually inputs information into the provisioning system based on data Alex provides via a series of forms, what type of provisioning has occurred?

    1. Discretionary account provisioning
    2. Workflow-based account provisioning
    3. Automated account provisioning
    4. Self-service account provisioning
  83. Alex has access to B, C, and D. What concern should he raise to the university’s identity management team?

    1. The provisioning process did not give him the rights he needs.
    2. He has excessive privileges.
    3. Privilege creep may be taking place.
    4. Logging is not properly enabled.
  84. When Alex changes roles, what should occur?

    1. He should be de-provisioned and a new account should be created.
    2. He should have his new rights added to his existing account.
    3. He should be provisioned for only the rights that match his role.
    4. He should have his rights set to match those of the person he is replacing.
  85. Robert is reviewing a system that has been assigned the EAL2 evaluation assurance level under the Common Criteria. What is the highest level of assurance that he may have about the system?

    1. It has been functionally tested.
    2. It has been structurally tested.
    3. It has been formally verified, designed, and tested.
    4. It has been semiformally designed and tested.
  86. Adam is processing an access request for an end user. What two items should he verify before granting the access?

    1. Separation and need to know
    2. Clearance and endorsement
    3. Clearance and need to know
    4. Second factor and clearance
  87. During what phase of the electronic discovery reference model does an organization ensure that potentially discoverable information is protected against alteration or deletion?

    1. Identification
    2. Preservation
    3. Collection
    4. Production
  88. Nessus, OpenVAS, and SAINT are all examples of what type of tool?

    1. Port scanners
    2. Patch management suites
    3. Port mappers
    4. Vulnerability scanners
  89. Harry would like to access a document owned by Sally stored on a file server. Applying the subject/object model to this scenario, who or what is the object of the resource request?

    1. Harry
    2. Sally
    3. File server
    4. Document
  90. What is the process that occurs when the session layer removes the header from data sent by the transport layer?

    1. Encapsulation
    2. Packet unwrapping
    3. De-encapsulation
    4. Payloading
  91. Which of the following tools is best suited to testing known exploits against a system?

    1. Nikto
    2. Ettercap
    3. Metasploit
    4. THC Hydra
  92. What markup language uses the concepts of a Requesting Authority, a Provisioning Service Point, and a Provisioning Service Target to handle its core functionality?

    1. SAML
    2. SAMPL
    3. SPML
    4. XACML
  93. What type of risk assessment uses tools such as the one shown here?

    Probability versus impact plot shows a 2 by 2 matrix in which quadrants on top right, top left, bottom left and bottom right are numbered as 1, 2, 3 and 4 respectively.
    1. Quantitative
    2. Loss expectancy
    3. Financial
    4. Qualitative
  94. MAC models use three types of environments. Which of the following is not a mandatory access control design?

    1. Hierarchical
    2. Bracketed
    3. Compartmentalized
    4. Hybrid
  95. What level of RAID is also called disk striping with parity?

    1. RAID 0
    2. RAID 1
    3. RAID 5
    4. RAID 10
  96. Sally is wiring a gigabit Ethernet network. What cabling choices should she make to ensure she can use her network at the full 1000 Mbps she wants to provide to her users?

    1. Cat 5 and Cat 6
    2. Cat 5e and Cat 6
    3. Cat 4e and Cat 5e
    4. Cat 6 and Cat 7
  97. Which one of the following is typically considered a business continuity task?

    1. Business impact assessment
    2. Alternate facility selection
    3. Activation of cold sites
    4. Restoration of data from backup
  98. Robert is the network administrator for a small business and recently installed a new firewall. After seeing signs of unusually heavy network traffic, he checked his intrusion detection system, which reported that a Smurf attack was under way. What firewall configuration change can Robert make to most effectively prevent this attack?

    1. Block the source IP address of the attack.
    2. Block inbound UDP traffic.
    3. Block the destination IP address of the attack.
    4. Block inbound ICMP traffic.
  99. Which one of the following types of firewalls does not have the ability to track connection status between different packets?

    1. Stateful inspection
    2. Application proxy
    3. Packet filter
    4. Next generation
  100. Which of the following is used only to encrypt data in transit over a network and cannot be used to encrypt data at rest?

    1. TKIP
    2. AES
    3. 3DES
    4. RSA
  101. What type of fuzzing is known as intelligent fuzzing?

    1. Zzuf
    2. Mutation
    3. Generational
    4. Code based
  102. Matthew is experiencing issues with the quality of network service on his organization’s network. The primary symptom is that packets are occasionally taking too long to travel from their source to their destination. What term describes the issue Matthew is facing?

    1. Latency
    2. Jitter
    3. Packet loss
    4. Interference
  103. Which of the following multifactor authentication technologies provides both low management overhead and flexibility?

    1. Biometrics
    2. Software tokens
    3. Synchronous hardware tokens
    4. Asynchronous hardware tokens
  104. What type of testing would validate support for all the web browsers that are supported by a web application?

    1. Regression testing
    2. Interface testing
    3. Fuzzing
    4. White box testing
  105. Kathleen is implementing an access control system for her organization and builds the following array:

    • Reviewers: update files, delete files
    • Submitters: upload files
    • Editors: upload files, update files
    • Archivists: delete files

    What type of access control system has Kathleen implemented?

    1. Role-based access control
    2. Task-based access control
    3. Rule-based access control
    4. Discretionary access control
  106. Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower?

    1. Likelihood
    2. RTO
    3. RPO
    4. Impact
  107. Alan’s Wrenches recently developed a new manufacturing process for its product. They plan to use this technology internally and not share it with others. They would like it to remain protected for as long as possible. What type of intellectual property protection is best suited for this situation?

    1. Patent
    2. Copyright
    3. Trademark
    4. Trade secret
  108. Ben wants to interface with the National Vulnerability Database using a standardized protocol. What option should he use to ensure that the tools he builds work with the data contained in the NVD?

    1. XACML
    2. SCML
    3. VSML
    4. SCAP
  109. Which of the following is not one of the three components of the DevOps model?

    1. Software development
    2. Change management
    3. Quality assurance
    4. Operations
  110. In the figure shown here, Harry’s request to read the data file is blocked. Harry has a Secret security clearance and the data file has a Top Secret classification. What principle of the Bell-LaPadula model blocked this request?

    Image described by surrounding text.
    1. Simple Security Property
    2. Simple Integrity Property
    3. *-Security Property
    4. Discretionary Security Property
  111. Norm is starting a new software project with a vendor that uses an SDLC approach to development. When he arrives on the job, he receives a document that has the sections shown here. What type of planning document is this?

    Diagram shows a document with executive summary section on top, detailed project tasks for the applicable SDLC phases on center and special interest areas tracked outside the SDLC phase areas on bottom.
    1. Functional requirements
    2. Work breakdown structure
    3. Test analysis report
    4. Project plan
  112. Kolin is searching for a network security solution that will allow him to help reduce zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement?

    1. A firewall
    2. An NAC system
    3. An intrusion detection system
    4. Port security
  113. Gwen comes across an application that is running under a service account on a web server. The service account has full administrative rights to the server. What principle of information security does this violate?

    1. Need to know
    2. Separation of duties
    3. Least privilege
    4. Job rotation
  114. Which of the following is not a type of structural coverage?

    1. Statement
    2. Trace
    3. Loop
    4. Data flow
  115. Which of the following tools is best suited to the information gathering phase of a penetration test?

    1. Whois
    2. zzuf
    3. Nessus
    4. Metasploit

    Questions 116–118 refer to the following scenario:

    During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions.

    Screenshot shows server Apache/2.2.8 appears to be outdated, HTTP TRACE method is active, suggesting the host is vulnerable to XST and PHP reveals potentially sensitive information via certain HTTP requests.
  116. Why does Nikto flag the /test directory?

    1. The /test directory allows administrative access to PHP.
    2. It is used to store sensitive data.
    3. Test directories often contain scripts that can be misused.
    4. It indicates a potential compromise.
  117. Why does Nikto identify directory indexing as an issue?

    1. It lists files in a directory.
    2. It may allow for XDRF.
    3. Directory indexing can result in a denial-of-service attack.
    4. Directory indexing is off by default, potentially indicating compromise.
  118. Nikto lists OSVDB-877, noting that the system may be vulnerable to XST. What would this type of attack allow an attacker to do?

    1. Use cross-site targeting.
    2. Steal a user’s cookies.
    3. Counter SQL tracing.
    4. Modify a user’s TRACE information.
  119. Which one of the following memory types is considered volatile memory?

    1. Flash
    2. EEPROM
    3. EPROM
    4. RAM
  120. Ursula believes that many individuals in her organization are storing sensitive information on their laptops in a manner that is unsafe and potentially violates the organization’s security policy. What control can she use to identify the presence of these files?

    1. Network DLP
    2. Network IPS
    3. Endpoint DLP
    4. Endpoint IPS
  121. In what cloud computing model does the customer build a cloud computing environment in his or her own data center or build an environment in another data center that is for the customer’s exclusive use?

    1. Public cloud
    2. Private cloud
    3. Hybrid cloud
    4. Shared cloud
  122. Which one of the following technologies is designed to prevent a hard drive from becoming a single point of failure in a system?

    1. Load balancing
    2. Dual-power supplies
    3. IPS
    4. RAID
  123. Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve?

    1. Confidentiality
    2. Nonrepudiation
    3. Authentication
    4. Integrity
  124. What network topology is shown here?

    Diagram shows a set of computers and a server connected to a router at the center.
    1. A ring
    2. A bus
    3. A star
    4. A mesh
  125. Monica is developing a software application that calculates an individual’s body mass index for use in medical planning. She would like to include a control on the field where the physician enters an individual’s weight to ensure that the weight falls within an expected range. What type of control should Monica use?

    1. Fail open
    2. Fail secure
    3. Limit check
    4. Buffer bounds
  126. Fred’s data role requires him to maintain system security plans and to ensure that system users and support staff get the training they need about security practices and acceptable use. What is the role that Fred is most likely to hold in the organization?

    1. Data owner
    2. System owner
    3. User
    4. Custodian
  127. Sally is using IPSec’s ESP component in transport mode. What important information should she be aware of about transport mode?

    1. Transport mode provides full encryption of the entire IP packet.
    2. Transport mode adds a new, unencrypted header to ensure that packets reach their destination.
    3. Transport mode does not encrypt the header of the packet.
    4. Transport mode provides no encryption, only tunnel mode provides encryption.
  128. Which one of the following is not a key process area for the Repeatable phase of the Software Capability Maturity Model (SW-CMM)?

    1. Software Project Planning
    2. Software Quality Management
    3. Software Project Tracking
    4. Software Subcontract Management
  129. Ben wants to provide predictive information about his organization’s risk exposure in an automated way as part of an ongoing organizational risk management plan. What should he use to do this?

    1. KRIs
    2. Quantitative risk assessments
    3. KPIs
    4. Penetration tests
  130. In the image shown here, what does system B send to system A at step 2 of the three-way TCP handshake?

    Diagram shows system A sends signal to system B in step 1, B sends to A in step 2 and again A sends to B in step 3.
    1. SYN
    2. ACK
    3. FIN/ACK
    4. SYN/ACK
  131. Chris is conducting reconnaissance on a remote target and discovers that pings are allowed through his target’s border firewall. What can he learn by using ping to probe the remote network?

    1. Which systems respond to ping, a rough network topology, and potentially the location of additional firewalls
    2. A list of all of the systems behind the target’s firewall
    3. The hostnames and time to live (TTL) for each pingable system, and the ICMP types allowed through the firewall
    4. Router advertisements, echo request responses, and potentially which hosts are tarpitted
  132. What access management concept defines what rights or privileges a user has?

    1. Identification
    2. Accountability
    3. Authorization
    4. Authentication
  133. Which one of the following is not a classification level commonly found in commercial data classification schemes?

    1. Secret
    2. Sensitive
    3. Confidential
    4. Public
  134. Files, databases, computers, programs, processes, devices, and media are all examples of what?

    1. Subjects
    2. Objects
    3. File stores
    4. Users
  135. Danielle is testing tax software, and part of her testing process requires her to input a variety of actual tax forms to verify that the software produces the right answers. What type of testing is Danielle performing?

    1. Use case testing
    2. Dynamic testing
    3. Fuzzing
    4. Misuse testing
  136. What is the standard term of protection for a copyrighted work by a known author?

    1. 95 years
    2. 120 years
    3. 70 years from the death of the author
    4. 100 years from the death of the author
  137. IP addresses like 10.10.10.10 and 172.19.24.21 are both examples of what type of IP address?

    1. Public IP addresses
    2. Prohibited IP addresses
    3. Private IP addresses
    4. Class B IP ranges
  138. What flaw is a concern with preset questions for cognitive passwords?

    1. It prevents the use of tokens.
    2. The question’s answer may be easy to find on the Internet.
    3. Cognitive passwords require users to think to answer the question, and not all users may be able to solve the problems presented.
    4. Cognitive passwords don’t support long passwords.
  139. In the Clark-Wilson integrity model, what type of process is authorized to modify constrained items?

    1. CDI
    2. UDI
    3. IVP
    4. TP
  140. Kay is selecting an application management approach for her organization. Employees need the flexibility to install software on their systems, but Kay wants to prevent them from installing certain prohibited packages. What type of approach should she use?

    1. Antivirus
    2. Whitelist
    3. Blacklist
    4. Heuristic
  141. Data relating to the past, present, or future payment for the provision of healthcare to an individual is what type of data per HIPAA?

    1. PCI
    2. Personal billing data
    3. PHI
    4. Personally identifiable information (PII)
  142. Yagis, panel, cantennas, and parabolic antennas are all examples of what type of antenna?

    1. Omnidirectional
    2. Rubber duck or base antenna
    3. Signal boosting
    4. Directional
  143. Function, statement, branch, and condition are all types of what?

    1. Penetration testing methodologies
    2. Fuzzing techniques
    3. Code coverage measures
    4. Synthetic transaction analysis
  144. What is the minimum number of people who should be trained on any specific business continuity plan implementation task?

    1. 1
    2. 2
    3. 3
    4. 5
  145. Cameron is responsible for backing up his company’s primary file server. He configured a backup schedule that performs full backups every Monday evening at 9:00 and incremental backups on other days of the week at that same time. How many files will be copied in Wednesday’s backup?

    Screenshot shows a list of file modifications such as File 1 is created on Monday at 8 AM and modified on Monday at 4 PM and Tuesday at 8 AM, File 2 created on Monday at 10 AM and modified on Tuesday at 9 AM et cetera.
    1. 1
    2. 2
    3. 5
    4. 6
  146. Susan uses a span port to monitor traffic to her production website, and uses a monitoring tool to identify performance issues in real time. What type of monitoring is she conducting?

    1. Passive monitoring
    2. Active monitoring
    3. Synthetic monitoring
    4. Signature-based monitoring
  147. The type of access granted to an object, and the actions that you can take on or with the object, are examples of what?

    1. Permissions
    2. Rights
    3. Privileges
    4. Roles
  148. Which one of the following would be considered an example of Infrastructure as a Service cloud computing?

    1. Payroll system managed by a vendor and delivered over the web
    2. Application platform managed by a vendor that runs customer code
    3. Servers provisioned by customers on a vendor-managed virtualization platform
    4. Web-based email service provided by a vendor

    Questions 149–151 refer to the following scenario.

    Darcy is an information security risk analyst for Roscommon Agricultural Products. She is currently trying to decide whether the company should purchase an upgraded fire suppression system for their primary data center. The data center facility has a replacement cost of $2 million.

    After consulting with actuaries, data center managers, and fire subject matter experts, Darcy determined that a typical fire would likely require the replacement of all equipment inside the building but not cause significant structural damage. Together, they estimated that recovering from the fire would cost $750,000. They also determined that the company can expect a fire of this magnitude once every 50 years.

  149. Based on the information in this scenario, what is the exposure factor for the effect of a fire on the Roscommon Agricultural Products data center?

    1. 7.5%
    2. 15.0%
    3. 27.5%
    4. 37.5%
  150. Based on the information in this scenario, what is the annualized rate of occurrence for a fire at the Roscommon Agricultural Products data center?

    1. 0.002
    2. 0.005
    3. 0.02
    4. 0.05
  151. Based on the information in this scenario, what is the annualized loss expectancy for a fire at the Roscommon Agricultural Products data center?

    1. $15,000
    2. $25,000
    3. $75,000
    4. $750,000
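    The quantitative risk arithmetic behind the Roscommon scenario (exposure factor, annualized rate of occurrence, annualized loss expectancy), and the cost/benefit test Darcy would apply to the proposed fire suppression upgrade, as an added worked example that is not part of the original test. The scenario figures ($2 million asset value, $750,000 loss per fire, one fire per 50 years) are the page's own; the post-control loss and annual safeguard cost used in the cost/benefit call are assumed values chosen for illustration.

```python
"""Quantitative risk calculations for a single threat scenario.

Added example; the Roscommon figures come from the scenario above,
the safeguard numbers below are assumptions for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    asset_value: float            # AV: replacement cost of the asset
    single_loss: float            # SLE: expected cost of one occurrence
    years_between_events: float   # expected interval between occurrences

    @property
    def exposure_factor(self) -> float:
        """EF = SLE / AV, the fraction of the asset value lost in one event."""
        return self.single_loss / self.asset_value

    @property
    def aro(self) -> float:
        """ARO = expected number of occurrences per year."""
        return 1.0 / self.years_between_events

    @property
    def ale(self) -> float:
        """ALE = SLE * ARO, the expected loss per year."""
        return self.single_loss * self.aro


def safeguard_value(before: RiskScenario, after: RiskScenario, annual_cost: float) -> float:
    """Net annual value of a control: ALE(before) - ALE(after) - annual cost of the control.

    A positive result means the safeguard is expected to pay for itself.
    """
    return before.ale - after.ale - annual_cost


# Figures from the scenario on this page.
ROSCOMMON_FIRE = RiskScenario(asset_value=2_000_000,
                              single_loss=750_000,
                              years_between_events=50)

# Assumed (not from the page): the upgraded suppression system limits a fire
# to $150,000 of damage and costs $5,000 per year to own and maintain.
ROSCOMMON_WITH_SUPPRESSION = RiskScenario(asset_value=2_000_000,
                                          single_loss=150_000,
                                          years_between_events=50)
SUPPRESSION_ANNUAL_COST = 5_000


if __name__ == "__main__":
    s = ROSCOMMON_FIRE
    print(f"EF  = {s.exposure_factor:.3f}")
    print(f"ARO = {s.aro:.3f}")
    print(f"ALE = ${s.ale:,.0f}")
    print(f"Net value of suppression upgrade = "
          f"${safeguard_value(s, ROSCOMMON_WITH_SUPPRESSION, SUPPRESSION_ANNUAL_COST):,.0f}/yr")
```

    Note that ARO is a long-run average: an event "once every 50 years" does not mean the next fire is 50 years away, only that the expected annual loss should be budgeted at one fiftieth of the single-loss figure.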
  152. Two TCP header flags are rarely used. Which two are you unlikely to see in use in a modern network?

    1. CWR and ECE
    2. URG and FIN
    3. ECE and RST
    4. CWR and URG
  153. Which one of the following is not a tape rotation strategy commonly used in disaster recovery plans?

    1. Tower of Hanoi
    2. Key Rotation
    3. Grandfather, Father, Son
    4. First In, First Out
  154. Fran is a web developer who works for an online retailer. Her boss asked her to create a way that customers can easily integrate themselves with Fran’s company’s site. They need to be able to check inventory in real time, place orders, and check order status programmatically without having to access the web page. What can Fran create to most directly facilitate this interaction?

    1. API
    2. Web scraper
    3. Data dictionary
    4. Call center
  155. What type of power issue occurs when a facility experiences a momentary loss of power?

    1. Fault
    2. Blackout
    3. Sag
    4. Brownout
  156. Lauren’s team of system administrators each deal with hundreds of systems with varying levels of security requirements and find it difficult to handle the multitude of usernames and passwords they each have. What type of solution should she recommend to ensure that passwords are properly handled and that features like logging and password rotation occur?

    1. A credential management system
    2. A strong password policy
    3. Separation of duties
    4. Single sign-on
  157. Ed’s Windows system can’t connect to the network and ipconfig shows the following:

    Screenshot shows Ethernet adapter local area connection details such as link-local IPv6 address, IPv4 address and subnet mask. Default gateway and connection-specific DNS suffix are not given.

    What has occurred on the system?

    1. The system has been assigned an invalid IP address by its DHCP server.
    2. The system has a manually assigned IP address.
    3. The system has failed to get a DHCP address and has assigned itself an address.
    4. The subnet mask is set incorrectly and the system cannot communicate with the gateway.
  158. What term is commonly used to describe initial creation of a user account in the provisioning process?

    1. Enrollment
    2. Clearance verification
    3. Background checks
    4. Initialization
  159. As part of her ongoing duties related to her company’s security program, Susan’s reports to management include the number of repeated audit findings. This information is an example of what type of useful measure?

    1. Key risk indicator
    2. Safeguard metrics
    3. Key performance indicator
    4. Audit tracking indicators
  160. There is a significant conflict between the drive for profit and the security requirements that Olivia’s organization has standardized. Olivia’s role means that decreased usability and loss of profit due to her staff’s inability to use the system is her major concern. What is the most likely role that Olivia plays in her organization?

    1. Business manager
    2. Information security analyst
    3. Data processor
    4. Mission owner
  161. Tom believes that a customer of his Internet service provider has been exploiting a vulnerability in his system to read the email messages of other customers. If true, what law did the customer most likely violate?

    1. ECPA
    2. CALEA
    3. HITECH
    4. Privacy Act
  162. In the ring protection model shown here, what ring contains user programs and applications?

    Diagram shows four concentric rings numbered from inner to outer as 0, 1, 2 and 3.
    1. Ring 0
    2. Ring 1
    3. Ring 2
    4. Ring 3
  163. Metrics like the attack vector, complexity, exploit maturity, and how much user interaction is required are all found in what scoring system?

    1. CVE
    2. CVSS
    3. CNA
    4. NVD
  164. In which of the following circumstances does an individual not have a reasonable expectation of privacy?

    1. Placing a telephone call on your cell phone
    2. Sending a letter through the U.S. mail
    3. Sending an email at work
    4. Retrieving your personal voicemail
  165. During which of the following disaster recovery tests does the team sit together and discuss the response to a scenario but not actually activate any disaster recovery controls?

    1. Checklist review
    2. Full interruption test
    3. Parallel test
    4. Tabletop exercise
  166. Susan wants to integrate her website to allow users to use accounts from sites like Google. What technology should she adopt?

    1. Kerberos
    2. LDAP
    3. OpenID
    4. SESAME
  167. Tom is conducting a business continuity planning effort for Orange Blossoms, a fruit orchard located in Central Florida. During the assessment process, the committee determined that there is a small risk of snow in the region but that the cost of implementing controls to reduce the impact of that risk is not warranted. They elect to not take any specific action in response to the risk. What risk management strategy is Orange Blossoms pursuing?

    1. Risk mitigation
    2. Risk transference
    3. Risk avoidance
    4. Risk acceptance
  168. Fred needs to run a network cable for over a kilometer. What wiring option should he choose to ensure that he doesn’t encounter issues?

    1. 10Base5
    2. 10BaseT
    3. STP
    4. Fiber optic
  169. Jack’s organization is a multinational nonprofit that has small offices in many developing countries throughout the world. They need to implement an access control system that allows flexibility and which can work despite poor Internet connectivity at their locations. What is the best type of access control design for Jack’s organization?

    1. Centralized access control
    2. Mandatory access control
    3. Decentralized access control
    4. Rule-based access control
  170. What U.S. government classification label is applied to information that, if disclosed, could cause serious damage to national security, and also requires that the damage that would be caused is able to be described or identified by the classification authority?

    1. Classified
    2. Secret
    3. Confidential
    4. Top Secret

    Questions 171–174 refer to the following scenario.

    Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.

  171. When the certificate authority (CA) created Renee’s digital certificate, what key was contained within the body of the certificate?

    1. Renee’s public key
    2. Renee’s private key
    3. CA’s public key
    4. CA’s private key
  172. When the certificate authority created Renee’s digital certificate, what key did it use to digitally sign the completed certificate?

    1. Renee’s public key
    2. Renee’s private key
    3. CA’s public key
    4. CA’s private key
  173. When Mike receives Renee’s digital certificate, what key does he use to verify the authenticity of the certificate?

    1. Renee’s public key
    2. Renee’s private key
    3. CA’s public key
    4. CA’s private key
  174. Mike would like to send Renee a private message using the information gained during this exchange. What key should he use to encrypt the message?

    1. Renee’s public key
    2. Renee’s private key
    3. CA’s public key
    4. CA’s private key
  175. Which one of the following tools may be used to directly violate the confidentiality of communications on an unencrypted VoIP network?

    1. Nmap
    2. Nessus
    3. Wireshark
    4. Nikto
  176. How does single sign-on increase security?

    1. It decreases the number of accounts required for a subject.
    2. It helps decrease the likelihood users will write down their passwords.
    3. It provides logging for each system that it is connected to.
    4. It provides better encryption for authentication data.
  177. Which one of the following cryptographic algorithms supports the goal of nonrepudiation?

    1. Blowfish
    2. DES
    3. AES
    4. RSA
  178. Microsoft’s STRIDE threat assessment framework uses six categories for threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. If a penetration tester is able to modify audit logs, what STRIDE categories best describe this issue?

    1. Tampering and information disclosure
    2. Elevation of privilege and tampering
    3. Repudiation and denial of service
    4. Repudiation and tampering
  179. RIP, OSPF, and BGP are all examples of protocols associated with what type of network device?

    1. Switches
    2. Bridges
    3. Routers
    4. Gateways
  180. AES-based CCMP and 802.1x replaced what security protocol that was designed as part of WPA to help fix the significant security issues found in WEP?

    1. TLS
    2. TKIP
    3. EAP
    4. PEAP
  181. The government agency that Ben works at installed a new access control system. The system uses information such as Ben’s identity, department, normal working hours, job category, and location to make authorization decisions. What type of access control system did Ben’s employer adopt?

    1. Role-based access control
    2. Attribute-based access control
    3. Administrative access control
    4. System discretionary access control
  182. The Low Orbit Ion Cannon (LOIC) attack tool used by Anonymous leverages a multitude of home PCs to attack its chosen targets. This is an example of what type of network attack?

    1. DDoS
    2. Ionization
    3. Zombie horde
    4. Teardrop
  183. Andrew believes that a digital certificate belonging to his organization was compromised and would like to add it to a Certificate Revocation List. Who must add the certificate to the CRL?

    1. Andrew
    2. The root authority for the top-level domain
    3. The CA that issued the certificate
    4. The revocation authority for the top-level domain
  184. Amanda is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move records of transactions from the primary site to a backup site on an hourly basis. What type of database recovery technique is the consultant describing?

    1. Electronic vaulting
    2. Transaction logging
    3. Remote mirroring
    4. Remote journaling
  185. A process on a system needs access to a file that is currently in use by another process. What state will the process scheduler place this process in until the file becomes available?

    1. Running
    2. Ready
    3. Waiting
    4. Stopped
  186. Which one of the following investigation types has the loosest standards for the collection and preservation of information?

    1. Civil investigation
    2. Operational investigation
    3. Criminal investigation
    4. Regulatory investigation
  187. Sue was required to sign an NDA when she took a job at her new company. Why did the company require her to sign it?

    1. To protect the confidentiality of their data
    2. To ensure that Sue did not delete their data
    3. To prevent Sue from directly competing with them in the future
    4. To require Sue to ensure the availability of their data as part of her job
  188. Susan is concerned about the FAR associated with her biometric technology. What is the best method to deal with the FAR?

    1. Adjust the CER.
    2. Change the sensitivity of the system to lower the FRR.
    3. Add a second factor.
    4. Replace the biometric system.
  189. What length of time does an SOC 2 report typically cover?

    1. Point in time
    2. 6 months
    3. 12 months
    4. 3 months
  190. Which of the following is not a code review process?

    1. Email pass-around
    2. Over the shoulder
    3. Pair programming
    4. IDE forcing
  191. Which one of the following attack types depends on precise timing?

    1. TOC/TOU
    2. SQL injection
    3. Pass the hash
    4. Cross-site scripting
  192. What process adds a header and a footer to data received at each layer of the OSI model?

    1. Attribution
    2. Encapsulation
    3. TCP wrapping
    4. Data hiding
  193. Attackers who compromise websites often acquire databases of hashed passwords. What technique can best protect these passwords against automated password cracking attacks that use precomputed values?

    1. Using the MD5 hashing algorithm
    2. Using the SHA-1 hashing algorithm
    3. Salting
    4. Double-hashing
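    The difference between an unsalted digest and a salted, iterated password hash, shown as an added example that is not part of the original test. A precomputed table (a rainbow table) maps a password to one fixed digest; a per-user random salt means the same password produces a different stored value for every account, so the attacker must recompute the table per salt. The iteration count is an assumed work factor, not a value from the page.

```python
"""Salted password hashing versus an unsalted digest.

Added example. PBKDF2-HMAC-SHA256 from the standard library is used here;
the iteration count below is an assumed work factor, not taken from the page.
"""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; raise as hardware gets faster


def unsalted_md5(password: str) -> str:
    """The weak scheme: one password always yields one digest, so a table of
    precomputed MD5 values cracks every account sharing that password at once."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    A fresh 16-byte random salt is drawn per call unless one is supplied, so
    two users with the same password get unrelated stored values.
    """
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the salt and iteration count from the stored record and
    compare in constant time, so verification does not leak via timing."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    pw = "correct horse battery staple"   # constructed sample password
    print("unsalted md5 (identical for every user):", unsalted_md5(pw))
    print("salted #1:", hash_password(pw))
    print("salted #2:", hash_password(pw))  # differs from #1 despite same password
```

    The stored record carries its own salt and iteration count, which lets the work factor be raised later for new and re-verified passwords without a flag day; verification must never be done by recomputing against an unsalted table.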
  194. Jim starts a new job as a system engineer and his boss provides him with a document entitled “Forensic Response Guidelines.” Which one of the following statements is not true?

    1. Jim must comply with the information in this document.
    2. The document contains information about forensic examinations.
    3. Jim should read the document thoroughly.
    4. The document is likely based on industry best practices.
  195. Which one of the following tools is most often used for identification purposes and is not suitable for use as an authenticator?

    1. Password
    2. Retinal scan
    3. Username
    4. Token
  196. Ben needs to verify that the most recent patch for his organization’s critical application did not introduce issues elsewhere. What type of testing does Ben need to conduct to ensure this?

    1. Unit testing
    2. White box
    3. Regression testing
    4. Black box
  197. Tamara recently decided to purchase cyberliability insurance to cover her company’s costs in the event of a data breach. What risk management strategy is she pursuing?

    1. Risk acceptance
    2. Risk mitigation
    3. Risk transference
    4. Risk avoidance
  198. Which of the following is not one of the four canons of the (ISC)2 code of ethics?

    1. Avoid conflicts of interest that may jeopardize impartiality.
    2. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
    3. Act honorably, honestly, justly, responsibly, and legally.
    4. Provide diligent and competent service to principals.
  199. Jim wants to allow a partner organization’s Active Directory forest (B) to access the resources of his own forest (A) but doesn’t want to allow users in his forest to access B’s resources. He also does not want the trust to flow upward through the domain tree as it is formed. What should he do?

    1. Set up a two-way transitive trust.
    2. Set up a one-way transitive trust.
    3. Set up a one-way nontransitive trust.
    4. Set up a two-way nontransitive trust.
  200. Susan’s team is performing code analysis by manually reviewing the code for flaws. What type of analysis are they performing?

    1. Gray box
    2. Static
    3. Dynamic
    4. Fuzzing
  201. The IP address 201.19.7.45 is what type of address?

    1. A public IP address
    2. An RFC 1918 address
    3. An APIPA address
    4. A loopback address
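    A classifier for the IPv4 address categories that questions 137, 157, and 201 turn on (RFC 1918 private ranges, the 169.254.0.0/16 link-local range that Windows self-assigns when DHCP fails, loopback, and public), as an added example that is not part of the original test. It uses only the standard-library ipaddress module; the addresses in the demonstration are the page's own plus a few constructed boundary cases.

```python
"""Classify IPv4 addresses: RFC 1918 private, APIPA/link-local, loopback, or public.

Added example using the standard-library ipaddress module. The explicit
RFC 1918 list is used rather than IPv4Address.is_private because is_private
also covers several other special-use ranges (including 169.254.0.0/16).
"""
import ipaddress

RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))
APIPA = ipaddress.ip_network("169.254.0.0/16")   # self-assigned when DHCP fails


def classify_ipv4(text: str) -> str:
    """Return one of: loopback, apipa, rfc1918-private, special-use, public."""
    addr = ipaddress.IPv4Address(text)          # raises on malformed input
    if addr.is_loopback:                        # 127.0.0.0/8
        return "loopback"
    if addr in APIPA:                           # check before the private test
        return "apipa"
    if any(addr in net for net in RFC1918):
        return "rfc1918-private"
    if not addr.is_global:                      # e.g. 100.64.0.0/10, 0.0.0.0/8
        return "special-use"
    return "public"


def explain(text: str) -> str:
    """Human-readable note for a help desk or log review."""
    kind = classify_ipv4(text)
    notes = {
        "apipa": "no DHCP lease obtained; host self-assigned a link-local address",
        "rfc1918-private": "not routable on the Internet; expect NAT at the edge",
        "loopback": "refers to the local host only",
        "special-use": "reserved range; not a normal end-host address",
        "public": "globally routable",
    }
    return f"{text}: {kind} ({notes[kind]})"


if __name__ == "__main__":
    # Addresses from the questions on this page plus constructed boundary cases.
    for sample in ("10.10.10.10", "172.19.24.21", "201.19.7.45",
                   "169.254.32.7", "127.0.0.1", "172.32.0.1"):
        print(explain(sample))
```

    The 172.16.0.0/12 boundary is the usual mistake: 172.19.x.x is private, but 172.32.x.x is public, which the explicit network membership test gets right where a "starts with 172." check would not.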
  202. Sam is a security risk analyst for an insurance company. He is currently examining a scenario where a hacker might use a SQL injection attack to deface a web server due to a missing patch in the company’s web application. In this scenario, what is the vulnerability?

    1. Unpatched web application
    2. Web defacement
    3. Hacker
    4. Operating system
  203. Which one of the following categories of secure data removal techniques would include degaussing?

    1. Clear
    2. Shrink
    3. Purge
    4. Destroy
  204. What type of alternate processing facility includes all of the hardware and data necessary to restore operations in a matter of minutes or seconds?

    1. Hot site
    2. Warm site
    3. Cold site
    4. Mobile site
  205. What UDP port is typically used by the syslog service?

    1. 443
    2. 514
    3. 515
    4. 445
  206. Fred finds a packet that his protocol analyzer shows with both PSH and URG set. What type of packet is he looking at, and what do the flags mean?

    1. A UDP packet; PSH and URG are used to indicate that the data should be sent at high speed
    2. A TCP packet; PSH and URG are used to clear the buffer and indicate that the data is urgent
    3. A TCP packet; PSH and URG are used to preset the header and indicate that the speed of the network is unregulated
    4. A UDP packet; PSH and URG are used to indicate that the UDP buffer should be cleared and that the data is urgent
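    A minimal TCP header builder and parser that decodes the flag byte, serving questions 130, 152, and 206 together, as an added example that is not part of the original test. It shows the flag bits (CWR and ECE are the two seldom seen in practice; PSH asks the receiver to deliver buffered data immediately, and URG makes the urgent pointer field meaningful), and labels the SYN / SYN-ACK / ACK handshake combinations. The packets used are constructed with the builder, not captured traffic, and checksums are left at zero because no pseudo-header is available here.

```python
"""Build and parse 20-byte TCP headers and decode the flag bits.

Added example. Flag bits per RFC 793, with CWR and ECE from RFC 3168.
Headers built here have a zero checksum and no options; they are
constructed samples, not captured traffic.
"""
import struct

TCP_FLAGS = (("CWR", 0x80), ("ECE", 0x40), ("URG", 0x20), ("ACK", 0x10),
             ("PSH", 0x08), ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))
FLAG_BITS = dict(TCP_FLAGS)
HEADER_FMT = "!HHIIBBHHH"   # src, dst, seq, ack, offset/reserved, flags, window, csum, urgptr


def build_tcp_header(sport, dport, seq, ack, flags, window=65535, urgent_ptr=0):
    """Pack a minimal TCP header (data offset 5 words, no options)."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]     # KeyError on an unknown flag name
    return struct.pack(HEADER_FMT, sport, dport, seq, ack, 5 << 4, bits,
                       window, 0, urgent_ptr)


def parse_tcp_header(raw):
    """Decode the fixed part of a TCP header into a dict.

    The urgent pointer is only meaningful when URG is set, so it is
    reported as None otherwise rather than as a misleading zero.
    """
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res, bits,
     window, checksum, urgent_ptr) = struct.unpack(HEADER_FMT, raw[:20])
    names = [name for name, bit in TCP_FLAGS if bits & bit]
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "data_offset": (off_res >> 4) * 4,     # header length in bytes
        "flags": names,
        "window": window,
        "checksum": checksum,
        "urgent_ptr": urgent_ptr if "URG" in names else None,
    }


def handshake_step(flags):
    """Label a flag combination by its place in the three-way handshake.

    Step 3 (bare ACK) looks like any later data-carrying segment; telling
    them apart requires connection state, which a single header lacks.
    """
    present = set(flags)
    if present == {"SYN"}:
        return 1
    if present == {"SYN", "ACK"}:
        return 2
    if present == {"ACK"}:
        return 3
    return None


# Constructed samples: step 2 of a handshake, and a PSH+URG segment.
SYN_ACK = build_tcp_header(443, 51514, seq=1_000, ack=1, flags=["SYN", "ACK"])
PSH_URG = build_tcp_header(51514, 23, seq=2, ack=1_001,
                           flags=["ACK", "PSH", "URG"], urgent_ptr=1)

if __name__ == "__main__":
    for label, pkt in (("SYN/ACK", SYN_ACK), ("PSH+URG", PSH_URG)):
        info = parse_tcp_header(pkt)
        print(label, info["flags"], "handshake step:", handshake_step(info["flags"]),
              "urgent_ptr:", info["urgent_ptr"])
```

    The parser is deliberately strict about the urgent pointer: real stacks ignore the field unless URG is set, and reporting a raw zero would invite the wrong conclusion when reading a capture.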
  207. What code review process is shown here?

    Diagram shows a process that includes planning, overview, preparation, inspection, rework, follow-up and a feedback connection from rework to planning stage.
    1. Static inspection
    2. Fagan inspection
    3. Dynamic inspection
    4. Interface testing
  208. During a log review, Karen discovers that the system she needs to gather logs from has the log setting shown here. What problem is Karen likely to encounter?

    Diagram shows a corporate network and a data center. Data center includes firewall, SIEM appliance, Linux web server and Linux database server. Corporate network includes Windows desktop systems and Wi-Fi access points.
    1. Too much log data will be stored on the system.
    2. The system is automatically purging archived logs.
    3. The logs will not contain the information needed.
    4. The logs will only contain the most recent 20 MB of log data.
  209. The ESP component of IPSec provides what two functions?

    1. Authentication and integrity
    2. Confidentiality and authentication
    3. Nonrepudiation and authentication
    4. Confidentiality and availability

    Questions 210–213 refer to the following scenario.

    Alejandro is an incident response analyst for a large corporation. He is on the midnight shift when an intrusion detection system alerts him to a potential brute-force password attack against one of the company’s critical information systems. He performs an initial triage of the event before taking any additional action.

  210. What stage of the incident response process is Alejandro currently conducting?

    1. Detection
    2. Response
    3. Recovery
    4. Mitigation
  211. If Alejandro’s initial investigation determines that a security incident is likely taking place, what should be his next step?

    1. Investigate the root cause.
    2. File a written report.
    3. Activate the incident response team.
    4. Attempt to restore the system to normal operations.
  212. As the incident response progresses, during which stage should the team conduct a root cause analysis?

    1. Response
    2. Reporting
    3. Remediation
    4. Lessons Learned
  213. Barry recently received a message from Melody that Melody encrypted using symmetric cryptography. What key should Barry use to decrypt the message?

    1. Barry’s public key
    2. Barry’s private key
    3. Melody’s public key
    4. Shared secret key
  214. After you do automated functional testing with 100 percent coverage of an application, what type of error is most likely to remain?

    1. Business logic errors
    2. Input validation errors
    3. Runtime errors
    4. Error handling errors
  215. During what phase of the incident response process would security professionals analyze the process itself to determine whether any improvements are warranted?

    1. Lessons Learned
    2. Remediation
    3. Recovery
    4. Reporting
  216. What law prevents the removal of protection mechanisms placed on a copyrighted work by the copyright holder?

    1. HIPAA
    2. DMCA
    3. GLBA
    4. ECPA
  217. Linda is selecting a disaster recovery facility for her organization, and she wishes to retain independence from other organizations as much as possible. She would like to choose a facility that balances cost and recovery time, allowing activation in about one week after a disaster is declared. What type of facility should she choose?

    1. Cold site
    2. Warm site
    3. Mutual assistance agreement
    4. Hot site
  218. What term is used to describe two-way communications in which only one direction can send at a time?

    1. Duplex
    2. Half-duplex
    3. Simplex
    4. Suplex
  219. What type of penetration testing provides detail on the scope of a penetration test—including items like what systems would be targeted—but does not provide full visibility into the configuration or other details of the systems or networks the penetration tester must test?

    1. Crystal box
    2. White box
    3. Black box
    4. Gray box
  220. Test coverage is computed using which of the following formulas?

    1. Number of use cases tested/total number of use cases
    2. Number of lines of code tested/total number of lines of code
    3. Number of functions tested/total number of functions
    4. Number of conditional branches tested/Total number of testable branches
  221. TCP and UDP both operate at what layer of the OSI model?

    1. Layer 2
    2. Layer 3
    3. Layer 4
    4. Layer 5
  222. Which one of the following goals of physical security environments occurs first in the functional order of controls?

    1. Delay
    2. Detection
    3. Deterrence
    4. Denial
  223. In what type of trusted recovery process does the system recover against one or more failure types without administrator intervention with potential data loss?

    1. Automated recovery
    2. Manual recovery
    3. Automated recovery without undue data loss
    4. Function recovery
  224. Skip needs to transfer files from his PC to a remote server. What protocol should he use instead of FTP?

    1. SCP
    2. SSH
    3. HTTP
    4. Telnet
  225. Ben’s New York–based commercial web service collects personal information from California residents. What does the California Online Privacy Protection Act require Ben to do to be compliant?

    1. Ben must encrypt all personal data he receives.
    2. Ben must comply with the EU DPD.
    3. Ben must have a conspicuously posted privacy policy on his site.
    4. Ben must provide notice and choice for users of his website.
  226. What process is used to verify that a dial-up user is connecting from the phone number they are preauthorized to use in a way that avoids spoofing?

    1. CallerID
    2. Callback
    3. CHAP
    4. PPP
  227. In the diagram shown here of security boundaries within a computer system, what component’s name has been replaced with XXX?

    Diagram shows user space on top half which includes three blocks of processes and kernel on bottom half which includes a block labeled as XXX inside TCB block.
    1. Reference monitor
    2. Privileged core
    3. Security perimeter
    4. User kernel
  228. Why are iris scans preferable to most other types of biometric factors?

    1. Iris scanners are harder to deceive.
    2. Irises don’t change as much as other factors.
    3. Iris scanners are cheaper than other factors.
    4. Iris scans cannot be easily replicated.
  229. Alex has ensured that all of his staff have signed nondisclosure agreements to help protect his organization’s intellectual property and data. What potential issue is Alex working to deal with?

    1. Data exfiltration
    2. Personnel retention
    3. Data breach
    4. Nonproprietary data sharing
  230. Matthew, Richard, and Christopher would like to exchange messages with each other using symmetric cryptography. They want to ensure that each individual can privately send a message to another individual without the third person being able to read the message. How many keys do they need?

    1. 1
    2. 2
    3. 3
    4. 6
  231. Which one of the following is not an example of criminal law?

    1. Gramm Leach Bliley Act
    2. Computer Fraud and Abuse Act
    3. Electronic Communications Privacy Act
    4. Identity Theft and Assumption Deterrence Act
  232. What is the best way to ensure email confidentiality in motion?

    1. Use TLS between the client and server.
    2. Use SSL between the client and server.
    3. Encrypt the email content.
    4. Use a digital signature.
  233. Brenda is analyzing the web server logs after a successful compromise of her organization’s web-based order processing application. She finds an entry in the log file showing that a user entered the following information as his last name when placing an order:

    Smith';DROP TABLE orders;--

    What type of attack was attempted?

    1. Buffer overflow
    2. Cross-site scripting
    3. Cross-site request forgery
    4. SQL injection
  234. What type of policy describes how long data is kept before destruction?

    1. Classification
    2. Audit
    3. Record retention
    4. Availability
  235. What is the goal of the BCP process?

    1. RTO<MTD
    2. MTD<RTO
    3. RPO<MTD
    4. MTD<RPO
  236. During which phase of the incident response process would administrators design new security controls intended to prevent a recurrence of the incident?

    1. Reporting
    2. Recovery
    3. Remediation
    4. Lessons Learned
  237. Bethany received an email from one of her colleagues with an unusual attachment named smime.p7s. She does not recognize the attachment and is unsure what to do. What is the most likely scenario?

    1. This is an encrypted email message.
    2. This is a phishing attack.
    3. This is embedded malware.
    4. This is a spoofing attack.

    Questions 238–241 refer to the following scenario.

    Kim is the database security administrator for Aircraft Systems, Inc. (ASI). ASI is a military contractor engaged in the design and analysis of aircraft avionics systems and regularly handles classified information on behalf of the government and other government contractors. Kim is concerned about ensuring the security of information stored in ASI databases.

    Kim’s database is a multilevel security database, and different ASI employees have different security clearances. The database contains information on the location of military aircraft containing ASI systems to allow ASI staff to monitor those systems.

  238. Kim learned that the military is planning a classified mission that involves some ASI aircraft. She is concerned that employees not cleared for the mission may learn of it by noticing the movement of many aircraft to the region. What type of attack is Kim concerned about?

    1. Aggregation
    2. SQL injection
    3. Inference
    4. Multilevel security
  239. What technique can Kim employ to prevent employees not cleared for the mission from learning the true location of the aircraft?

    1. Input validation
    2. Polyinstantiation
    3. Parameterization
    4. Server-side validation
  240. Kim’s database uniquely identifies aircraft by using their tail number. Which one of the following terms would not necessarily accurately describe the tail number?

    1. Database field
    2. Foreign key
    3. Primary key
    4. Candidate key
  241. Kim would like to create a key that enforces referential integrity for the database. What type of key does she need to create?

    1. Primary key
    2. Foreign key
    3. Candidate key
    4. Master key
  242. Doug is choosing a software development life-cycle model for use in a project he is leading to develop a new business application. He has very clearly defined requirements and would like to choose an approach that places an early emphasis on developing comprehensive documentation. He does not have a need for the production of rapid prototypes or iterative improvement. Which model is most appropriate for this scenario?

    1. Agile
    2. Waterfall
    3. Spiral
    4. DevOps
  243. Which individual bears the ultimate responsibility for data protection tasks?

    1. Data owner
    2. Data custodian
    3. User
    4. Auditor
  244. What should be true for salts used in password hashes?

    1. A single salt should be set so passwords can be de-hashed as needed.
    2. A single salt should be used so the original salt can be used to check passwords against their hash.
    3. Unique salts should be stored for each user.
    4. Unique salts should be created every time a user logs in.
  245. What type of assessment methods are associated with mechanisms and activities based on the recommendations of NIST SP800-53A, the Guide for Assessing Security Controls in Federal Information Systems?

    1. Examine and interview
    2. Test and assess
    3. Test and interview
    4. Examine and test
  246. Which one of the following controls would be most effective in detecting zero-day attack attempts?

    1. Signature-based intrusion detection
    2. Anomaly-based intrusion detection
    3. Strong patch management
    4. Full-disk encryption
  247. The ability to store and generate passwords, provide logging and auditing capabilities, and allow password check-in and check-out are all features of what type of system?

    1. AAA
    2. Credential management
    3. Two-factor authentication
    4. Kerberos
  248. Which one of the following components should be included in an organization’s emergency response guidelines?

    1. Secondary response procedures for first responders
    2. Long-term business continuity protocols
    3. Activation procedures for the organization’s cold sites
    4. Contact information for ordering equipment
  249. When Jim enters his organization’s data center, he has to use a smart card and code to enter, and is allowed through one set of doors. The first set of doors closes, and he must then use his card again to get through a second set, which locks behind him. What type of control is this, and what is it called?

    1. A physical control; a one-way trapdoor
    2. A logical control; dual-swipe authorization
    3. A directive control; one-way access corridor
    4. A preventive access control; a mantrap
  250. What security control may be used to implement a concept known as two-person control?

    1. Mandatory vacation
    2. Separation of duties
    3. Least privilege
    4. Defense in depth
