Which type of audit can be used to determine whether accounts have been established properly and verify that privilege creep isn't occurring?

What kind of physical access device restricts access to a small number of individuals at one time?

Which of the following is a set of voluntary standards governing encryption?

Which protocol is used to create a secure environment in a wireless network?

An Internet server interfaces with TCP/IP at which layer of the DOD model?

You want to establish a network connection between two LANs using the Internet. Which technology would best accomplish that for you?

Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?

In the key recovery process, which key must be recoverable?

Which kind of attack is designed to overload a particular protocol or service?

Which component of an IDS collects data?

What is the process of making an operating system secure from attack called?

The integrity objective addresses which characteristic of information security?

Which mechanism is used by PKI to allow immediate verification of a certificate's validity?

Which of the following is the equivalent of a VLAN from a physical security perspective?

A user has just reported that he downloaded a file from a prospective client using IM. The user indicates that the file was called account.doc. The system has been behaving unusually since he downloaded the file. What is the most likely event that occurred?

Which mechanism or process is used to enable or disable access to a network resource based on an IP address?

Which of the following would provide additional security to an Internet web server?

What type of program exists primarily to propagate and spread itself to other systems?

An individual presents herself at your office claiming to be a service technician. She wants to discuss your current server configuration. This may be an example of what type of attack?

Which of the following is a major security problem with FTP servers?

Which system would you install to provide active protection and notification of security problems in a network connected to the Internet?

The process of verifying the steps taken to maintain the integrity of evidence is called what?

What encryption process uses one message to hide another?

Which policy dictates how computers are used in an organization?

Which algorithm is used to create a temporary secure session for the exchange of key information?

You've been hired as a security consultant for a company that's beginning to implement handheld devices, such as PDAs. You're told that the company must use an asymmetric system. Which security standard would you recommend it implement?

Which of the following backup methods will generally provide the fastest backup times?

You want to grant access to network resources based on authenticating an individual's retina during a scan. Which security method uses a physical characteristic as a method of determining identity?

Which access control method is primarily concerned with the role that individuals have in the organization?

The process of investigating a computer system for clues into an event is called what?