Chapter 6. Domain 6.0: Organizational Security

Network security and system hardening provide the strongest possible levels of security against directed attacks, but organizational security must also be considered when planning an organization’s data security. Concerns such as redundancy planning, disaster recovery, backup, and restoration policies need to be addressed. After planning for disaster and recovery procedures, it is necessary to plan for incident response, forensics investigations, and protecting the organization from malicious acts and damage originating both outside and inside the organization. This includes environmental controls and user security awareness training. Although only 12% of the exam is based on the organizational security domain, this is a growing area of security planning. As a prospective security professional, you should also take every opportunity you may find to expand your skill base beyond these basic foundational elements. The following list includes the key areas from Domain 6 that you need to master for the exam:

Explain redundancy planning and its components.

Implement disaster recovery procedures.

Differentiate between and execute appropriate incident response procedures.

Identify and explain applicable legislation and organizational policies.

Explain the importance of environmental controls.

Explain the concept of and how to reduce the risks of social engineering.

Practice Questions

Objective 6.1: Explain redundancy planning and its components.

1. An organization is planning site redundancy. In the event of a catastrophe, the employees simply need to drive to the site, log on, and begin working. Which of the following best meets these requirements?

A. Hot site

B. Warm site

C. Cold site

D. Mirror site

Quick Answer: 328

Detailed Answer: 330

2. An organization is planning site redundancy. In the event of a catastrophe, electricity, bathrooms, and space will be provided. Which of the following best meets these requirements?

A. Hot site

B. Warm site

C. Cold site

D. Mirror site

Quick Answer: 328

Detailed Answer: 330

3. An organization is planning site redundancy. Currently, the organization does not have much money in the budget and requires the most inexpensive solution possible. Which of the following best meets these requirements?

A. Hot site

B. Warm site

C. Cold site

D. Mirror site

Quick Answer: 328

Detailed Answer: 330

4. An organization is planning site redundancy. In the event of a catastrophe, the site should already be configured with power, phone, and network jacks. Which of the following best meets these requirements?

A. Hot site

B. Warm site

C. Cold site

D. Mirror site

Quick Answer: 328

Detailed Answer: 330

5. An organization is planning site redundancy. It has been determined that the organization will contract with a third party for configuring devices, installing applications, and activating resources. All facility supplies should already be intact at the site. Which of the following best meets these requirements?

A. Hot site

B. Warm site

C. Cold site

D. Mirror site

Quick Answer: 328

Detailed Answer: 331

6. An organization is planning site redundancy. It is mandatory that all business operations are available 7 days a week for 24 hours per day. Which of the following best meets these requirements?

A. Hot site

B. Warm site

C. Cold site

D. Mirror site

Quick Answer: 328

Detailed Answer: 331

7. An organization is planning site redundancy. It is mandatory that live operations and recovery testing occur before an actual catastrophic event happens. Which of the following best meets these requirements?

A. Hot site

B. Warm site

C. Cold site

D. Mirror site

Quick Answer: 328

Detailed Answer: 331

8. An organization operates in an area subject to rolling blackouts. Which of the following is the best method to provide continuous operations?

A. An uninterruptible power supply

B. A generator

C. A redundant electric connection

D. A RAID configuration

Quick Answer: 328

Detailed Answer: 331

9. An organization operates in an area that has frequent brownouts. Which of the following is the best method to provide continuous operations?

A. An uninterruptible power supply

B. A generator

C. A redundant electric connection

D. A RAID configuration

Quick Answer: 328

Detailed Answer: 331

10. An organization is located in an industrial area where there is a large amount of electromagnetic interference (EMI). Which of the following is the best method to provide continuous operations?

A. An uninterruptible power supply

B. A generator

C. A redundant electric connection

D. A RAID configuration

Quick Answer: 328

Detailed Answer: 332

11. A small organization is located in a remote area. When the power is interrupted, it often takes some time for the electric company to restore it. Which of the following is the best method to provide continuous operations?

A. An uninterruptible power supply

B. A generator

C. A redundant electric connection

D. A RAID configuration

Quick Answer: 328

Detailed Answer: 332

12. An organization requires a UPS solution that provides the best isolation from power line problems. Which of the following is the best method to provide continuous operations?

A. Surge protector

B. Standby power supply

C. Ferroresonant UPS system

D. Continuous UPS

Quick Answer: 328

Detailed Answer: 332

13. An organization is located in an area that requires protection against line noise and electromagnetic interference (EMI). Which of the following would best provide the protection required for the organization?

A. Surge protector

B. Standby power supply

C. Ferroresonant UPS system

D. Continuous UPS

Quick Answer: 328

Detailed Answer: 332

14. An organization requires a UPS solution that only activates when the power actually fails. Which of the following is the best method to meet this requirement?

A. Surge protector

B. Standby power supply

C. Ferroresonant UPS system

D. Continuous UPS

Quick Answer: 328

Detailed Answer: 332

15. An organization that operates a nonprofit donation hotline is planning for redundancy. Which of the following would be the most critical component in providing continuous operations?

A. Server redundancy

B. ISP redundancy

C. Phone system redundancy

D. Data disk redundancy

Quick Answer: 328

Detailed Answer: 333

16. An organization that operates a web-based book business is planning for redundancy. Which of the following is the most critical component in providing continuous customer access?

A. Server redundancy

B. ISP redundancy

C. Phone system redundancy

D. Data disk redundancy

Quick Answer: 328

Detailed Answer: 333

17. An organization that operates a small photo backup business is planning for redundancy. Which of the following would be the most critical component in providing continuous operations?

A. Server redundancy

B. ISP redundancy

C. Phone system redundancy

D. Data disk redundancy

Quick Answer: 328

Detailed Answer: 333

18. An organization that operates a large data warehousing business is planning for redundancy using load balancing. Which of the following would best meet the organizational goals?

A. Server redundancy

B. ISP redundancy

C. Phone system redundancy

D. Data disk redundancy

Quick Answer: 328

Detailed Answer: 333

19. An organization that operates a small web-based photo backup business is evaluating single points of failure. The organization has three servers, four switches, and one hundred client systems. Which of the following would be the most likely component(s) to be the single point of failure?

A. Servers

B. ISP connection

C. Client systems

D. Switches

Quick Answer: 328

Detailed Answer: 333

20. An organization is implementing a data availability solution based on a striped disk array without redundancy. Which of the following best describes this implementation?

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 10

Quick Answer: 328

Detailed Answer: 333

21. An organization requires a solution based on high reliability combined with high performance. Which of the following would best meet the organizational requirements?

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 10

Quick Answer: 328

Detailed Answer: 334

22. An organization requires a solution that has the best small read, large write performance of any redundancy disk array. Which of the following would best meet the organizational requirements?

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 10

Quick Answer: 328

Detailed Answer: 334

23. An organization is implementing a simple data redundancy solution that offers 100% redundancy with a tradeoff of 50% disk utilization. Which of the following best describes this implementation?

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 10

Quick Answer: 328

Detailed Answer: 334

24. An organization is implementing a redundancy plan and is concerned about the need to restore equipment and parts. Which of the following is the most cost-effective method to ensure the availability of replacement parts?

A. Creating an area for broken equipment that can be used for parts

B. Purchasing exact duplicates of the equipment

C. Signing a service level agreement

D. Contracting for a hot site

Quick Answer: 328

Detailed Answer: 334

25. An organization that operates a tax service requires that all branch offices have access to each office’s client files for easier tax preparation. Which of the following would be the most critical component in providing continuous operations?

A. Multiple network cards in each machine

B. Redundant connections between sites

C. Redundant data disks

D. Multiple Internet Service Providers

Quick Answer: 328

Detailed Answer: 334

Objective 6.2: Implement disaster recovery procedures.

1. Which of the following best describes the difference between a disaster recovery plan and a business continuity plan?

A. A disaster recovery plan covers natural disasters while a business continuity plan covers man-made disasters.

B. A disaster recovery plan is a more comprehensive approach than a business continuity plan.

C. A disaster recovery plan covers man-made disasters while a business continuity plan covers natural disasters.

D. A business continuity plan is a more comprehensive approach than a disaster recovery plan.

Quick Answer: 328

Detailed Answer: 334

2. Full data backups are performed weekly on Saturday at 3:00 a.m., and incremental backups are performed each weekday at 3:00 a.m. If a drive failure causes a total loss of data at 9:00 a.m. on Tuesday morning, what is the minimum number of backup tapes that must be used to restore the lost data?

A. One

B. Two

C. Three

D. Four

Quick Answer: 328

Detailed Answer: 335

3. Full data backups are performed weekly on Saturday at 3:00 a.m., and differential backups are performed each weekday at 3:00 a.m. If a drive failure causes a total loss of data at 9:00 a.m. on Thursday morning, what is the minimum number of backup tapes that must be used to restore the lost data?

A. One

B. Two

C. Three

D. Four

Quick Answer: 328

Detailed Answer: 335

4. An organization is formulating a backup strategy. In the event of a total loss of data, which of the following backup methods will provide the fastest data restoration?

A. Incremental

B. Differential

C. Copy

D. Full

Quick Answer: 328

Detailed Answer: 335

5. An organization is implementing a backup strategy using three sets of backup tapes with backup sets rotated on a daily, weekly, and monthly basis. Which of the following best describes this implementation?

A. Grandfather, father, son

B. Grandmother, mother, daughter

C. Tower of Druaga

D. Tower of Hanoi

Quick Answer: 328

Detailed Answer: 335

6. An organization is planning a backup strategy that requires a cost-effective solution that will provide backup data for more than a two-week time period. Which of the following would best meet the organizational requirements?

A. Grandfather, father, son

B. Ten-tape rotation

C. Tower of Druaga

D. Tower of Hanoi

Quick Answer: 328

Detailed Answer: 335

7. A small organization is planning a backup strategy that requires a simple and cost-effective solution. Which of the following would best meet the organizational requirements?

A. Grandfather, father, son

B. Ten-tape rotation

C. Tower of Druaga

D. Tower of Hanoi

Quick Answer: 328

Detailed Answer: 335

8. Which of the following best describes a written document that defines how an organization will recover from a catastrophe and how it will restore business with minimum delay?

A. Impact analysis

B. Business continuity plan

C. Disaster recovery plan

D. Risk analysis

Quick Answer: 328

Detailed Answer: 336

9. Which of the following is true about the data-restoration process? (Select all correct answers.)

A. It should be stored in a secure manner.

B. It should be stored alongside the servers.

C. It should be included in the employee manual.

D. It should be properly documented.

Quick Answer: 328

Detailed Answer: 336

10. Which of the following is the most secure storage place for backup media?

A. Next to the backup server

B. Locked in a proper safe

C. In the desk of the HR manager

D. In the home of the IT manager

Quick Answer: 328

Detailed Answer: 336

Objective 6.3: Differentiate between and execute appropriate incident response procedures.

1. Which of the following best describes the application of investigative and analytical techniques to acquire and protect potential legal evidence?

A. Due diligence

B. Chain of custody

C. Due process

D. Computer forensics

Quick Answer: 328

Detailed Answer: 336

2. Which of the following best describes the documentation of how evidence traveled from the crime scene to the courtroom?

A. Due diligence

B. Chain of custody

C. Due process

D. Computer forensics

Quick Answer: 328

Detailed Answer: 336

3. Which of the following are concepts behind computer forensics? (Select all correct answers.)

A. Identifying the evidence

B. Identifying the suspect

C. Determining how to preserve the evidence

D. Determining how to prosecute the suspect

Quick Answer: 328

Detailed Answer: 336

4. Which of the following best describes the documentation of how evidence was collected and preserved?

A. Incident response

B. Chain of custody

C. Due process

D. Due diligence

Quick Answer: 328

Detailed Answer: 337

5. As a first responder, which of the following is true about the handling of a suspect’s workspace?

A. The IT department should be allowed to remove the computer.

B. The suspect’s manager should be allowed to examine the area.

C. The suspect should be allowed to remove personal items.

D. No one should be allowed to remove any items from the scene.

Quick Answer: 328

Detailed Answer: 337

6. As a first responder, which of the following is true about the handling of a suspect’s computer?

A. The computer should only be inspected by a trained professional.

B. The suspect’s manager should be allowed to inspect the computer.

C. You should immediately begin to identify suspicious computer files.

D. The IT department should be allowed to inspect the computer.

Quick Answer: 328

Detailed Answer: 337

7. An organization has determined that an incident occurred. Which of the following is the next step the organization would take in the incident analysis process?

A. Contact the press

B. Contact affected vendors

C. Determine the scope

D. Mitigate the risk

Quick Answer: 328

Detailed Answer: 337

8. When an incident occurs, which of the following actions would the organization take first to mitigate the impact?

A. Analysis

B. Containment

C. Remediation

D. Reporting

Quick Answer: 328

Detailed Answer: 337

9. An organization needs help formulating best practices for reporting and disclosing computer security incidents. Which of the following would be of the most help to the organization?

A. Operating system user manuals

B. FBI investigative guidelines

C. Request For Comments (RFC) 2350

D. Request For Comments (RFC) 50

Quick Answer: 328

Detailed Answer: 337

10. Which of the following best describes why it is important to accurately determine the cause of each incident?

A. To update the disaster recovery plan

B. To prevent similar incidents from occurring

C. To catch and prosecute the perpetrator

D. To notify the press and any affected vendors

Quick Answer: 328

Detailed Answer: 337

Objective 6.4: Identify and explain applicable legislation and organizational policies.

1. Which of the following will have the greatest effect on the formulation of organizational policies?

A. The board of directors

B. The needs of the users

C. Current and pending vendor contracts

D. Current and pending legislation

Quick Answer: 329

Detailed Answer: 338

2. An organization is formulating a policy that will define requirements for the classification and security of data and hardware resources based on the harm inflicted if it is disclosed to nonemployees. Which of the following best describes this policy?

A. Information sensitivity policy

B. Acceptable use policy

C. Change management policy

D. Computer security policy

Quick Answer: 329

Detailed Answer: 338

3. An organization is formulating a policy that will provide details that specify what users may do with their network access, including Internet access. Which of the following best describes this policy?

A. Information sensitivity policy

B. Acceptable use policy

C. Change management policy

D. Computer security policy

Quick Answer: 329

Detailed Answer: 338

4. An organization is formulating a policy that will define specific details on any configuration alterations to machines or operating systems. Which of the following best describes this policy?

A. Information sensitivity policy

B. Acceptable use policy

C. Change management policy

D. Computer security policy

Quick Answer: 329

Detailed Answer: 338

5. Upon logon to the network, an organization displays a statement that network access is granted under certain conditions and that all activities may be monitored. Which of the following best describes this policy?

A. Information sensitivity policy

B. Acceptable use policy

C. Change management policy

D. Computer security policy

Quick Answer: 329

Detailed Answer: 338

6. At the customer service desk of an electronics vendor, return items are entered by the desk clerk. Before refunds are issued, a manager must review the refund request and enter a password into the system to complete the transaction. Which of the following best describes this action?

A. Due care

B. Due diligence

C. Principle of least privilege

D. Separation of duties

Quick Answer: 329

Detailed Answer: 339

7. An organization has set forth in policies a statement regarding reasonable care a person should take before entering into an agreement or a transaction with another party. Which of the following best describes this statement?

A. Due care

B. Due diligence

C. Due process

D. Due course

Quick Answer: 329

Detailed Answer: 339

8. An organization has set forth in policies a statement regarding knowledge and actions that a reasonable and prudent person would possess or act upon. Which of the following best describes this statement?

A. Due care

B. Due diligence

C. Due process

D. Due course

Quick Answer: 329

Detailed Answer: 339

9. An organization has set forth in policies a statement that any employee legal proceedings must be fair. Which of the following best describes this statement?

A. Due care

B. Due diligence

C. Due process

D. Due course

Quick Answer: 329

Detailed Answer: 339

10. An employee entered into a large contract with a vendor without reviewing any of the terms of the contract. The organization suffered a huge financial loss as a result of the terms of the contract. Which of the following principles was violated by this action?

A. Due care

B. Due diligence

C. Due process

D. Due course

Quick Answer: 329

Detailed Answer: 339

11. A network administrator disabled the network firewall to allow his department to post materials to his personal FTP site. During this period of time, a denial of service attack was launched against the network. The organization suffered several hours of downtime. Which of the following principles was violated by this action?

A. Due care

B. Due diligence

C. Due process

D. Due course

Quick Answer: 329

Detailed Answer: 339

12. An employee accused of sexual harassment was promptly dismissed by the immediate supervisor without any notification to human resources or discussion with the accused employee. As a result, the organization became involved in a lengthy lawsuit. Which of the following principles was violated by the immediate supervisor’s actions?

A. Due care

B. Due diligence

C. Due process

D. Due course

Quick Answer: 329

Detailed Answer: 339

13. An organization is establishing policies for dealing with the proper disposal of obsolete hardware. Which of the following specifications does the organization need to consider?

A. Sarbanes-Oxley

B. ISO 9000

C. IEEE specifications

D. ISO 17799

Quick Answer: 329

Detailed Answer: 340

14. An organization is establishing policies for dealing with the proper disposal of obsolete hardware. Which of the following would be appropriate considerations?

A. Accessibility to remnants of legacy data

B. Breaches of health and safety requirements

C. Cost of disposal versus recycling

D. Old equipment necessary to read archived data

Quick Answer: 329

Detailed Answer: 340

15. An organization is establishing policies for dealing with proper media disposal. Which of the following processes would the organization use if it wanted to remove the contents from the media as fully as possible, making it extremely difficult to restore before disposal?

A. Declassification

B. Sanitization

C. Degaussing

D. Destruction

Quick Answer: 329

Detailed Answer: 340

16. Which of the following policies would an organization implement to help protect the network passwords from hackers?

A. Password complexity

B. Random generated passwords

C. Password storage in reversible encryption

D. Default passwords

Quick Answer: 329

Detailed Answer: 340

17. An organization is formulating a change management policy. After a system change has been requested, documented, and approved, which of the following should occur?

A. Implementation

B. Management notification

C. User notification

D. Workarounds

Quick Answer: 329

Detailed Answer: 340

18. An organization is implementing information classification levels. Confidential information that could influence the organization’s operational effectiveness and cause financial loss if it became public is considered which of the following classifications?

A. Class 1

B. Class 2

C. Class 3

D. Class 4

Quick Answer: 329

Detailed Answer: 340

19. An organization is implementing information classification levels. High-security internal information that defines the way in which the organization operates is considered which of the following classifications?

A. Top secret

B. Proprietary

C. Internal use only

D. Public documents

Quick Answer: 329

Detailed Answer: 340

20. An organization is implementing information classification levels. Highly sensitive internal documents and data to which very few employees should have access are considered which of the following classifications?

A. Top secret

B. Proprietary

C. Internal use only

D. Public documents

Quick Answer: 329

Detailed Answer: 341

21. An organization is implementing information classification levels. Restricted information that is unlikely to result in financial loss or serious damage to the organization is considered which of the following classifications?

A. Top secret

B. Proprietary

C. Internal use only

D. Public documents

Quick Answer: 329

Detailed Answer: 341

22. A financial institution is establishing policies that address balance of power. Which of the following principles is the financial institution most likely to implement?

A. Due care

B. Due diligence

C. Principle of least privilege

D. Separation of duties

Quick Answer: 329

Detailed Answer: 341

23. A financial institution is establishing policies that outline the manner in which a user is associated with necessary information and system resources. It has been discovered that due to the nature of the position, the systems administrators never have scheduled time off and are on call during any scheduled days off. Which of the following principles will the institution implement to remedy this situation?

A. Mandatory vacations

B. Security compliance

C. Principle of least privilege

D. Due diligence

Quick Answer: 329

Detailed Answer: 341

24. A financial institution is establishing policies that address balance of power. Which of the following actions can the financial institution implement to keep one person from having complete control of a transaction from beginning to end? (Select all correct answers.)

A. Job rotation

B. Change management

C. Mandatory vacations

D. Cross-training

Quick Answer: 329

Detailed Answer: 341

25. An organization is establishing a policy for dealing with privacy-sensitive information. Which of the following information would have to be included in the policy? (Select all correct answers.)

A. Email address

B. Name

C. Address

D. Group membership

Quick Answer: 329

Detailed Answer: 342

26. Which of the following aspects of security policy planning details how fast a vendor must have a new server delivered onsite?

A. Business impact analysis

B. Service level agreement

C. Disaster recovery plan

D. Disaster recovery policies

Quick Answer: 329

Detailed Answer: 342

27. Which of the following aspects of security policy planning spells out the processes, service expectations, and service metrics expected by parties involved in a cooperative partnership?

A. Business impact analysis

B. Service level agreement

C. Disaster recovery plan

D. Disaster recovery policies

Quick Answer: 329

Detailed Answer: 342

28. When termination involves a power user with high-level access rights or knowledge of service administrator passwords, which of the following should the organization do?

A. Immediately wipe the user’s computer

B. Conduct a thorough exit interview

C. Institute password and security updates

D. Thoroughly search the user’s work area

Quick Answer: 329

Detailed Answer: 342

29. An organization is implementing a user-awareness training program. Valuable information can be gathered by hackers and other agents seeking unauthorized access through information posted on the organizational website about which of the following groups?

A. Executives

B. IT administrators

C. Organizational users

D. Security guards

Quick Answer: 329

Detailed Answer: 342

30. An organization is implementing a user-awareness training program. Which of the following groups can provide the most valuable support for security initiatives to ensure that published security training and other requirements are applied to all users equally?

A. Executives

B. IT administrators

C. Organizational users

D. Security guards

Quick Answer: 329

Detailed Answer: 342

Objective 6.5: Explain the importance of environmental controls.

1. An organization is planning to purchase a fire-suppression system. Certain areas of the building require a system that has water under pressure in it at all times. Which of the following best describes this type of system?

A. Dry pipe

B. Wet pipe

C. Deluge

D. Preaction

Quick Answer: 329

Detailed Answer: 343

2. Which of the following best describes the difference between a wet-pipe and a dry-pipe fire-suppression system?

A. A wet-pipe system uses wet chemicals that deploy after the pipe loses air pressure, whereas a dry-pipe system uses dry chemicals that deploy before the pipe loses air pressure.

B. A dry-pipe system uses dry chemicals, whereas a wet-pipe system uses wet chemicals.

C. A dry-pipe system uses air to suppress fire, whereas a wet-pipe system uses water.

D. A wet-pipe system has water in the pipe at all times, whereas in a dry-pipe system water is used but is held back by a valve until a certain temperature is reached.

Quick Answer: 329

Detailed Answer: 343

3. Class A fires involve which of the following?

A. Energized electrical equipment, electrical fire, and burning wires

B. Flammable liquids, gases, and greases

C. Trash, wood, and paper

D. Combustible metals such as magnesium, titanium, and sodium

Quick Answer: 329

Detailed Answer: 343

4. An organization is evaluating its environmental controls. Which of the following cable types carries an inherent danger because it is easy to add devices to the network via open ports on unsecured hubs and switches? (Select all correct answers.)

A. Shielded twisted pair

B. Coaxial

C. Unshielded twisted pair

D. Fiber optic

Quick Answer: 329

Detailed Answer: 343

5. Class C fires involve which of the following?

image A. Energized electrical equipment, electrical fire, and burning wires

image B. Flammable liquids, gases, and greases

image C. Trash, wood, and paper

image D. Combustible metals such as magnesium, titanium, and sodium

Quick Answer: 329

Detailed Answer: 343

6. Class D fires involve which of the following?

image A. Energized electrical equipment, electrical fire, and burning wires

image B. Flammable liquids, gases, and greases

image C. Trash, wood, and paper

image D. Combustible metals such as magnesium, titanium, and sodium

Quick Answer: 329

Detailed Answer: 343

7. Class A fires can be extinguished using which of the following?

image A. Foam

image B. Water

image C. Sodium chloride

image D. Carbon dioxide

Quick Answer: 329

Detailed Answer: 343

8. Class B fires can be extinguished using which of the following?

image A. Foam

image B. Water

image C. Sodium chloride

image D. Carbon dioxide

Quick Answer: 329

Detailed Answer: 344

9. Class C fires can be extinguished using which of the following?

A. Foam

B. Water

C. Sodium chloride

D. Carbon dioxide

Quick Answer: 329

Detailed Answer: 344

10. Class D fires can be extinguished using which of the following?

A. Foam

B. Water

C. Sodium chloride

D. Carbon dioxide

Quick Answer: 329

Detailed Answer: 344

11. In fire-suppression systems, which of the following has replaced halon?

A. Foam

B. Water

C. Sodium chloride

D. Carbon dioxide

Quick Answer: 329

Detailed Answer: 344

12. When selecting a location for a building, an organization should investigate which of the following? (Select all correct answers.)

A. Crime rate

B. Proximity to an electronics store

C. Type of neighborhood

D. Emergency response times

Quick Answer: 329

Detailed Answer: 344

13. An organization that has several small branches in North Dakota, Minnesota, and Ontario, Canada, is planning for a fire-suppression system installation. Which of the following will best fit the needs of the organization?

A. Dry pipe

B. Wet pipe

C. Deluge

D. Preaction

Quick Answer: 329

Detailed Answer: 344

14. Which of the following is an inherent risk to equipment associated with overcooling?

A. RFI

B. Condensation

C. EMF

D. Static

Quick Answer: 329

Detailed Answer: 344

15. Which of the following is an inherent risk to equipment associated with using dehumidifiers?

A. RFI

B. Condensation

C. EMF

D. Static

Quick Answer: 329

Detailed Answer: 345

16. Which of the following is an inherent risk to equipment components associated with high levels of humidity?

A. Rust

B. ESD

C. EMF

D. Solidification

Quick Answer: 329

Detailed Answer: 345

17. An organization requires a cable type that is secure and can only be tapped by interrupting the service or using specially constructed equipment. Which of the following will best fit the needs of the organization?

A. Shielded twisted pair

B. Coaxial

C. Unshielded twisted pair

D. Fiber optic

Quick Answer: 329

Detailed Answer: 345

18. An organization is planning to protect the environment through the use of shielding. Which of the following can be an efficient and cost-effective way to protect a large quantity of equipment from electronic eavesdropping?

A. Electron configuration table

B. Electromagnetic field

C. Faraday cage

D. TEMPEST

Quick Answer: 329

Detailed Answer: 345

19. An organization is planning to protect the environment through the use of shielding. The equipment is in a corporate environment that processes highly classified government and military information. Which of the following best meets the requirements of the organization?

A. Electron configuration table

B. Electromagnetic field

C. Faraday cage

D. TEMPEST

Quick Answer: 329

Detailed Answer: 345

20. An organization requires a cabling solution that is not susceptible to eavesdropping. Which of the following cable types should automatically be eliminated from the list of viable solutions?

A. Shielded twisted pair

B. Coaxial

C. Unshielded twisted pair

D. Fiber optic

Quick Answer: 329

Detailed Answer: 345

Objective 6.6: Explain the concept of and how to reduce the risks of social engineering.

1. A help desk employee receives a call from someone who is posing as a technical aide attempting to update some type of information, and who asks for identifying user details that may then be used to gain access. Which of the following types of attack has occurred?

A. Pharming

B. Social engineering

C. Phishing

D. Shoulder surfing

Quick Answer: 329

Detailed Answer: 346

2. A help desk employee receives a call from the administrative assistant. She has received an email stating that if she doesn’t respond within 48 hours with certain personal information, the corporate bank account will be closed. Which of the following types of attack has occurred?

A. Pharming

B. Social engineering

C. Phishing

D. Shoulder surfing

Quick Answer: 329

Detailed Answer: 346

3. An organization has recently experienced large volumes of phishing scams. Which of the following is the best defense against this type of attack?

A. S/MIME

B. Antivirus software

C. Email filtering

D. User education

Quick Answer: 329

Detailed Answer: 346

4. The help desk is flooded with calls from users who received an email warning them of a new virus. The mail instructed the users to search for and delete several files from their systems. Many of the users who attempted to reboot their systems after deleting the specified files are having difficulties, and the machines are not rebooting properly. Which of the following types of attack has occurred?

A. Pharming

B. Hoax

C. Phishing

D. Spam

Quick Answer: 329

Detailed Answer: 346

5. An organization discovers that many employees have been responding to chain letter emails. Which of the following is the greatest concern to the organization?

A. Undue burden on resources.

B. They may contain viruses.

C. Theft of proprietary information.

D. Nothing, chain letters are harmless.

Quick Answer: 329

Detailed Answer: 346

6. An organization discovers that city laws do not require special disposal of computer equipment. As a result, when equipment fails, employees throw it in the trash. Which of the following is the greatest concern to the organization?

A. Health hazards

B. Social engineering

C. Dumpster diving

D. Shoulder surfing

Quick Answer: 329

Detailed Answer: 347

7. An organization does not have a document disposal policy in place, nor does it have recycling or shredding bins. As a result, when employees no longer need printed information, it is thrown in the trash. Which of the following is the greatest concern to the organization?

A. Fire hazards

B. Social engineering

C. Dumpster diving

D. Shoulder surfing

Quick Answer: 329

Detailed Answer: 347

8. An organization allows employees to access confidential data remotely. Many of the sales staff spend extended time in public places and use this downtime to catch up on work. Which of the following is the greatest concern to the organization?

A. Virus infection

B. Social engineering

C. Dumpster diving

D. Shoulder surfing

Quick Answer: 329

Detailed Answer: 347

9. An organization using keypad entry for all external doors is located in a busy and congested complex. The organization is concerned about shoulder surfing. Which of the following would provide the best defense against this type of attack?

A. Hand cupping

B. Biometrics

C. Security guards

D. Deadbolts

Quick Answer: 329

Detailed Answer: 347

10. An attacker disconnects several cables in an unattended reception area and then, when the receptionist returns, offers her his business card as a computer repair technician. While he is waiting to see whether the IT manager is available, the receptionist’s computer appears to fail. Which of the following types of attack has occurred?

A. Reverse social engineering

B. Denial of service

C. Shoulder surfing

D. Phishing

Quick Answer: 329

Detailed Answer: 347

11. An organization using keypad entry for all external doors is located in a busy and congested complex. The organization is concerned about shoulder surfing. Which of the following would provide an immediate defense against this type of attack?

A. Hand cupping

B. Biometrics

C. Security guards

D. Deadbolts

Quick Answer: 329

Detailed Answer: 348

12. Which of the following are examples of social engineering? (Select all correct answers.)

A. An attacker pretends to be an executive who forgot his password to gain access to credentials.

B. An attacker presents a fake UPS ID to gain entrance to a specific floor of the building.

C. An attacker uses a wireless packet sniffer to monitor user credentials.

D. An attacker piggybacks into the building behind an unsuspecting employee.

Quick Answer: 329

Detailed Answer: 348

13. Which of the following is true regarding the scope of security awareness training for management?

A. The focus should be the same as for users.

B. The focus should be on program costs.

C. The focus should be on business impact.

D. The focus should be the same as for IT staff.

Quick Answer: 329

Detailed Answer: 348

14. Which of the following are essential components in an organizational security awareness program that attempts to minimize vulnerabilities created by social engineering? (Select all correct answers.)

A. Security posters

B. Regular reminders

C. Scheduled training

D. Clear policies

Quick Answer: 329

Detailed Answer: 348

15. Which of the following would be items addressed in a user security awareness training program? (Select all correct answers.)

A. How to react to someone who has piggybacked into the building

B. How to properly exit the building when the fire alarm is activated

C. What to do when their computer is suspected of having a malware infection

D. What to do when an administrator calls and asks for a user’s password

Quick Answer: 329

Detailed Answer: 348

Quick-Check Answer Key

Objective 6.1: Explain redundancy planning and its components.

1. A

2. C

3. C

4. B

5. B

6. A

7. A

8. B

9. A

10. A

11. B

12. D

13. C

14. B

15. C

16. B

17. D

18. A

19. B

20. A

21. D

22. C

23. B

24. C

25. B

Objective 6.2: Implement disaster recovery procedures.

1. D

2. C

3. B

4. D

5. A

6. D

7. B

8. C

9. A, D

10. B

Objective 6.3: Differentiate between and execute appropriate incident response procedures.

1. D

2. B

3. A, C

4. B

5. D

6. A

7. C

8. B

9. C

10. B

Objective 6.4: Identify and explain applicable legislation and organizational policies.

1. D

2. A

3. B

4. C

5. B

6. D

7. B

8. A

9. C

10. B

11. A

12. C

13. D

14. A, B, D

15. B

16. A

17. C

18. C

19. B

20. A

21. C

22. D

23. A

24. A, C, D

25. A, B, C

26. B

27. B

28. C

29. A

30. A

Objective 6.5: Explain the importance of environmental controls.

1. B

2. D

3. C

4. A, C

5. A

6. D

7. B

8. A

9. D

10. C

11. D

12. A, C, D

13. A

14. B

15. D

16. A

17. D

18. C

19. D

20. B

Objective 6.6: Explain the concept of and how to reduce the risks of social engineering.

1. B

2. C

3. D

4. B

5. A

6. C

7. C

8. D

9. B

10. A

11. A

12. A, B

13. C

14. B, C, D

15. A, D

Answers and Explanations

Objective 6.1: Explain redundancy planning and its components.

1. Answer: A. A hot site is similar to the original site in that it has all the equipment needed for the organization to continue operations. This type of site is similar to the original site in that it is equipped with all necessary hardware, software, network, and Internet connectivity fully installed, configured, and operational. Answer B is incorrect because a warm site is a scaled-down version of a hot site. The site is generally configured with power, phone, and network jacks. The site may have computers and other resources, but they are not configured and ready to go. Answer C is incorrect because a cold site does not provide any equipment. These sites are merely a prearranged request to use facilities if needed. Electricity, bathrooms, and space are about the only facilities provided in a cold site contract. Answer D is incorrect because a mirror site is an exact copy of another Internet site.

2. Answer: C. A cold site does not provide any equipment. These sites are merely a prearranged request to use facilities if needed. Electricity, bathrooms, and space are about the only facilities provided in a cold site contract. Answer A is incorrect. A hot site is similar to the original site in that it has all the equipment needed for the organization to continue operations. This type of site is similar to the original site in that it is equipped with all necessary hardware, software, network, and Internet connectivity fully installed, configured, and operational. Answer B is incorrect because a warm site is a scaled-down version of a hot site. The site is generally configured with power, phone, and network jacks. The site may have computers and other resources, but they are not configured and ready to go. Answer D is incorrect because a mirror site is an exact copy of another Internet site.

3. Answer: C. A cold site is the weakest of the recovery plan options but also the cheapest. These sites are merely a prearranged request to use facilities if needed. Electricity, bathrooms, and space are about the only facilities provided in a cold site contract. Answer A is incorrect. A hot site is similar to the original site in that it has all the equipment needed for the organization to continue operations, such as hardware and furnishings. Answer B is incorrect because a warm site is a scaled-down version of a hot site. The site is generally configured with power, phone, and network jacks. The site may have computers and other resources, but they are not configured and ready to go. Answer D is incorrect because a mirror site is an exact copy of another Internet site.

4. Answer: B. A warm site is a scaled-down version of a hot site. The site is generally configured with power, phone, and network jacks. The site may have computers and other resources, but they are not configured and ready to go. Answer A is incorrect. A hot site is similar to the original site in that it has all the equipment needed for the organization to continue operations, such as hardware and furnishings. Answer C is incorrect because a cold site does not provide any equipment. These sites are merely a prearranged request to use facilities if needed. Answer D is incorrect because a mirror site is an exact copy of another Internet site.

5. Answer: B. A warm site is a scaled-down version of a hot site. The site may have computers and other resources, but they are not configured and ready to go. It is assumed that the organization itself will configure the devices, install applications, and activate resources or that it will contract with a third party for these services. Answer A is incorrect because a hot site is similar to the original site in that it has all the equipment needed for the organization to continue operations, such as hardware and furnishings. Answer C is incorrect because a cold site does not provide any equipment. These sites are merely a prearranged request to use facilities if needed. Answer D is incorrect because a mirror site is an exact copy of another Internet site.

6. Answer: A. A hot site is a site location that is already running and is available 7 days a week for 24 hours per day. Answer B is incorrect because a warm site is a scaled-down version of a hot site. The site is generally configured with power, phone, and network jacks. The site may have computers and other resources, but they are not configured and ready to go. Answer C is incorrect because a cold site does not provide any equipment. These sites are merely a prearranged request to use facilities if needed. Answer D is incorrect because a mirror site is an exact copy of another Internet site.

7. Answer: A. A hot site is similar to the original site in that it has all the equipment needed for the organization to continue operations. This type of site is similar to the original site in that it is equipped with all necessary hardware, software, network, and Internet connectivity fully installed, configured, and operational. Hot sites are traditionally more expensive, but they can be used for operations and recovery testing before an actual catastrophic event occurs. Answer B is incorrect because a warm site is a scaled-down version of a hot site. The site is generally configured with power, phone, and network jacks. Answer C is incorrect because a cold site does not provide any equipment. These sites are merely a prearranged request to use facilities if needed. Answer D is incorrect because a mirror site is an exact copy of another Internet site.

8. Answer: B. Backup power is a power supply that will run the power for your organization in the case of a power outage. This can be done through the use of a gas-powered generator. A generator can be used for rolling blackouts, emergency blackouts, or electrical problems. Answer A is incorrect because an uninterruptible power supply (UPS) protects the environment from damaging fluctuations in power but cannot sustain power through an outage for a long period of time. Answer C is incorrect because most electric companies only service one area. If it is possible to contract with another service provider, the cost will most likely be prohibitive. Answer D is incorrect because RAID does not protect against electrical failures.

9. Answer: A. Brownouts are short-term decreases in voltage levels that most often occur when motors are started or are triggered by faults on the utility provider’s system. To protect your environment from such damaging fluctuations in power, always connect your sensitive electronic equipment to power conditioners, surge protectors, and a UPS, which provides the best protection of all. Answer B is incorrect because a generator is used for rolling blackouts, emergency blackouts, or electrical problems. Answer C is incorrect because most electric companies only service one area. If it is possible to contract with another service provider, the cost will most likely be prohibitive. Answer D is incorrect because RAID does not protect against electrical failures.

10. Answer: A. Power variations called noise are also referred to as electromagnetic interference (EMI). To protect your environment from such damaging fluctuations in power, always connect your sensitive electronic equipment to power conditioners, surge protectors, and a UPS, which provides the best protection of all. Answer B is incorrect because a generator is used for rolling blackouts, emergency blackouts, or electrical problems. Answer C is incorrect because most electric companies only service one area. If it is possible to contract with another service provider, the cost will most likely be prohibitive. Answer D is incorrect because RAID does not protect against electrical failures.

11. Answer: B. Backup power is a power supply that will run the power for your organization in the case of a power outage. This can be done through the use of a gas-powered generator. A generator can be used for rolling blackouts, emergency blackouts, or electrical problems. Answer A is incorrect because an uninterruptible power supply (UPS) protects the environment from damaging fluctuations in power but cannot sustain power levels for a long period of time. Answer C is incorrect because most electric companies only service one area. If it is possible to contract with another service provider, the cost will most likely be prohibitive. Answer D is incorrect because RAID does not protect against electrical failures.

12. Answer: D. In a continuous UPS, also called an “online” UPS, the computer is always running off of battery power, and the battery is continuously being recharged. There is no switchover time, and these supplies generally provide the best isolation from power line problems. Answer A is incorrect. A surge protector is designed to protect electrical devices from voltage spikes by limiting the surge to acceptable levels that electronic equipment can handle. This device does not regulate or supply any power in the event of sags. Answer B is incorrect. A standby power supply (SPS) is also referred to as an “offline” UPS. In this type of supply, power usually derives directly from the power line, until power fails. Answer C is incorrect because a ferroresonant UPS system maintains a constant output voltage even with a varying input voltage and provides good protection against line noise.

13. Answer: C. A ferroresonant UPS system maintains a constant output voltage even with a varying input voltage and provides good protection against line noise. Answer A is incorrect; a surge protector is designed to protect electrical devices from voltage spikes, not supply power. Answer B is incorrect; a standby power supply (SPS) is also referred to as an “offline” UPS. In this type of supply, power usually derives directly from the power line, until power fails. Answer D is incorrect; in a continuous UPS, also called an “online” UPS, the computer is always running off of battery power, and the battery is continuously being recharged. There is no switchover time, and these supplies generally provide the best isolation from power line problems.

14. Answer: B. A standby power supply (SPS) is also referred to as an “offline” UPS. In this type of supply, power usually derives directly from the power line, until power fails. Answer A is incorrect because a surge protector is designed to protect electrical devices from voltage spikes, not supply power. Answer C is incorrect; a ferroresonant UPS system maintains a constant output voltage even with a varying input voltage and provides good protection against line noise. Answer D is incorrect; in a continuous UPS, also called an “online” UPS, the computer is always running off of battery power, and the battery is continuously being recharged. There is no switchover time, and these supplies generally provide the best isolation from power line problems.

15. Answer: C. If the majority of your business is telephone based, you might look for redundancy in the phone system as opposed to the ISP; therefore, answer B is incorrect. Answer A is incorrect because if the servers failed, phone donations could still be taken via pen and paper. Answer D is incorrect because although data disk redundancy for the storage of data is important, without a phone system the business could not function.

16. Answer: B. If all your business is web based, to provide continued customer access it is a good idea to have some redundancy in the event the Internet connection goes down. Answer A is incorrect because if one of the servers failed, business could still be conducted. Answer C is incorrect. If the majority of your business is telephone based, you might look for redundancy in the phone system as opposed to the ISP, and this is not the case. Answer D is incorrect because although data disk redundancy for the storage of data is important, without an Internet connection the business could not function.

17. Answer: D. The primary function of the business is to provide a backup service. Without data disk redundancy, the business could not operate. Answer A is incorrect because if one of the servers failed, business could be conducted. Answer B is incorrect because the main business purpose is to provide backup service. A temporary loss of the Internet connection is not as damaging as losing a data disk. Answer C is incorrect; if the majority of your business is telephone based, you might look for redundancy in the phone system, and this is not the case.

18. Answer: A. It might be necessary to set up redundant servers so that the business can still function in the event of hardware or software failure. If a single server hosts vital applications, a simple equipment failure might result in days of downtime as the problem is repaired. Answer B is incorrect; the main business purpose is to provide data warehousing. A temporary loss of the Internet connection is not as damaging as losing a vital server. Answer C is incorrect because if the majority of your business is telephone based, you might look for redundancy in the phone system, and this is not the case. Answer D is incorrect because although data disk redundancy for the storage of data is important, the business could still function if a disk was lost.

19. Answer: B. Neglecting single points of failure can prove disastrous. A single point of failure is any piece of equipment that can bring your operation down if it stops working. Based on this, the Internet connection would be the single point of failure. Answers A, C, and D are incorrect; there is more than one of each of these pieces of equipment, so they are not single points of failure.

20. Answer: A. RAID Level 0 is a striped disk array without fault tolerance. Answer B is incorrect. RAID Level 1 is mirroring and duplexing. This solution requires a minimum of two disks and offers 100% redundancy because all data is written to both disks. Answer C is incorrect; RAID Level 5 consists of independent data disks with distributed parity blocks. In RAID 5, each entire block of the data and the parity is striped. Answer D is incorrect; RAID Level 10 is high reliability combined with high performance. This solution is a striped array whose members are RAID 1 arrays.

21. Answer: D. RAID Level 10 is high reliability combined with high performance. This solution is a striped array whose members are RAID 1 arrays. Answer A is incorrect because RAID Level 0 is a striped disk array without fault tolerance. Answer B is incorrect because RAID Level 1 is mirroring and duplexing. This solution requires a minimum of two disks and offers 100% redundancy because all data is written to both disks. Answer C is incorrect because RAID Level 5 consists of independent data disks with distributed parity blocks. In RAID 5, each entire block of the data and the parity is striped.

22. Answer: C. In RAID 5, each entire block of the data and the parity is striped. Because it writes both the data and the parity over all the disks, it has the best small read, large write performance of any redundancy disk array. Answer A is incorrect because RAID Level 0 is a striped disk array without fault tolerance. Answer B is incorrect because RAID Level 1 is mirroring and duplexing. This solution requires a minimum of two disks and offers 100% redundancy because all data is written to both disks. Answer D is incorrect; RAID Level 10 is high reliability combined with high performance. This solution is a striped array whose members are RAID 1 arrays.

23. Answer: B. RAID Level 1 is mirroring and duplexing. This solution requires a minimum of two disks and offers 100% redundancy because all data is written to both disks. RAID 1 disk usage is 50%, as the other 50% is used for redundancy. Answer A is incorrect because RAID Level 0 is a striped disk array without fault tolerance. Answer C is incorrect because RAID Level 5 consists of independent data disks with distributed parity blocks. In RAID 5, each entire block of the data and the parity is striped. Answer D is incorrect because RAID Level 10 is high reliability combined with high performance. This solution is a striped array whose members are RAID 1 arrays.

24. Answer: C. In the event of a disaster, an organization might also need to restore equipment (in addition to data). One of the best ways to ensure the availability of replacement parts is through service level agreements (SLAs). Answer A is incorrect because this solution consumes space and does not ensure that correct replacement parts will be available. Answers B and D are incorrect; they are too costly.

25. Answer: B. In disaster recovery planning, you might need to consider redundant connections between branches or sites. Because the records must be available between offices, this is the single point of failure that requires redundancy. Based on this information, answers A, C, and D are incorrect.

Objective 6.2: Implement disaster recovery procedures.

1. Answer: D. Business continuity planning is a more comprehensive approach to provide guidance so the organization can continue making sales and collecting revenue. As with disaster recovery planning, it covers natural and man-made disasters. Based on this information, answers A, B, and C are incorrect.

2. Answer: C. Saturday’s full backup must be restored first, followed by Monday’s incremental backup, and finally Tuesday morning’s incremental backup. This will recover all data as of 3:00 a.m. Tuesday morning. Answer A is incorrect because a full backup Tuesday morning would be required to allow a single-tape recovery of all data. Answer B is incorrect because a differential backup on Tuesday morning would be required in addition to the full backup so that only two backup tapes would be needed. Answer D is incorrect because four tapes would not be required.

3. Answer: B. A differential backup on Thursday morning would be required in addition to the full backup so that only two backup tapes would be needed. Answer A is incorrect because a full backup Thursday morning would be required to allow a single-tape recovery of all data. Answer C is incorrect; Saturday’s full backup must be restored first, followed by Monday’s, Tuesday’s, Wednesday’s, and Thursday’s incremental backup tapes. Answer D is incorrect because four tapes would not be required.

4. Answer: D. In the event of a total loss of data, restoration from a full backup will be faster than other methods. Answers A and B are incorrect; each of these methods will require more than one tape and take longer than restoring from a full backup. Answer C is incorrect because a copy backup copies all the selected files, but does not mark the files as having been backed up. This backup type is useful for backing up single files between normal and incremental backups because it does not affect these operations.

5. Answer: A. Grandfather-father-son backup refers to the most common rotation scheme for rotating backup media. Originally designed for tape backup, it works well for any hierarchical backup strategy. The basic method is to define three sets of backups, such as daily, weekly, and monthly. Answers B and C are incorrect; neither of these is a valid backup method. Answer D is incorrect because the Tower of Hanoi is based on the mathematics of the Tower of Hanoi puzzle, with what is essentially a recursive method.

6. Answer: D. The Tower of Hanoi is based on the mathematics of the Tower of Hanoi puzzle, with what is essentially a recursive method. It is a “smart” way of archiving an effective number of backups and provides the ability to go back over time. The Tower of Hanoi is more difficult to implement and manage but costs less than the grandfather-father-son scheme. Answer A is incorrect; grandfather-father-son backup refers to the most common rotation scheme for rotating backup media. Originally designed for tape backup, it works well for any hierarchical backup strategy. Answer B is incorrect because ten-tape rotation is a simpler and more cost-effective method for small businesses. It provides a data history of up to two weeks. Answer C is incorrect; this is not a valid backup method.

7. Answer: B. Ten-tape rotation is a simpler and more cost-effective method for small businesses. It provides a data history of up to two weeks. Friday backups are full backups. Monday through Thursday backups are incremental. Answer A is incorrect; grandfather-father-son backup refers to the most common rotation scheme for rotating backup media. Originally designed for tape backup, it works well for any hierarchical backup strategy. Answer C is incorrect; this is not a valid backup method. Answer D is incorrect; the Tower of Hanoi is based on the mathematics of the Tower of Hanoi puzzle, with what is essentially a recursive method. The Tower of Hanoi is more difficult to implement and manage but costs less than the grandfather-father-son scheme.

8. Answer: C. A disaster recovery plan is a written document that defines how the organization will recover from a disaster and how to restore business with minimum delay. Answer A is incorrect because an impact analysis is an analytic process that aims to reveal business and operational impacts stemming from any number of incidents or events. Answer B is incorrect because business continuity planning is a comprehensive approach to provide guidance so that the organization can continue making sales and collecting revenue. Answer D is incorrect because a risk analysis helps determine which security controls are appropriate and cost-effective.

9. Answers: A, D. Restoration planning documentation, backup scheduling, and backup media must include protections against unauthorized access or potential damage and critical procedures should be properly documented so that another equally trained individual can manage the restoration process. Answer B is incorrect; although this is convenient, it is not secure. Answer C is incorrect because this information does not belong in the employee manual.

10. Answer: B. A common practice is to have removable storage media locked in a proper safe or container at the end of the day. Answer A is incorrect; although this is convenient, it is not secure. Answer C is incorrect because this information does not belong in the desk of the HR manager. Answer D is incorrect because storing backup tapes in the home of the IT manager is a liability for the organization.

Objective 6.3: Differentiate between and execute appropriate incident response procedures.

1. Answer: D. Computer forensics review involves the application of investigative and analytical techniques to acquire and protect potential legal evidence. Answer A is incorrect; due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party. Answer B is incorrect because a chain of custody is the documentation of all transfers of evidence from one person to another. Answer C is incorrect because due process is the concept that laws and legal proceedings must be fair.

2. Answer: B. A chain of custody tells how the evidence made it from the crime scene to the courtroom, including documentation of how the evidence was collected, preserved, and analyzed. Answer A is incorrect; due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party. Answer C is incorrect because due process is the concept that laws and legal proceedings must be fair. Answer D is incorrect because computer forensics review involves the application of investigative and analytical techniques to acquire and protect potential legal evidence.

3. Answers: A, C. The major concepts behind computer forensics are to identify the evidence, determine how to preserve the evidence, extract, process, and interpret the evidence, and ensure that the evidence is acceptable in a court of law. Answers B and D are incorrect; identification and prosecution of the suspect are left to law enforcement.

4. Answer: B. A chain of custody tells how the evidence made it from the crime scene to the courtroom, including documentation of how the evidence was collected, preserved, and analyzed. Answer A is incorrect; a disaster recovery plan is a written document that defines how the organization will recover from a disaster and how to restore business with minimum delay. Answer C is incorrect because due process is the concept that laws and legal proceedings must be fair. Answer D is incorrect; due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party.

5. Answer: D. The entire work area is a potential crime scene, not just the computer itself. There might be evidence such as removable media, voicemail messages, or handwritten notes. The work area should be secured and protected to maintain the integrity of the area. Under no circumstances should you touch the computer or should anyone be allowed to remove any items from the scene. Based on this information, answers A, B, and C are incorrect.

6. Answer: A. If you are an untrained first responder, touch nothing and contact someone trained in these matters for help. Although it seems that simply viewing the files or directories on a system would not change the original media, merely browsing a file can change it. Based on this information, answers B, C, and D are incorrect.
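Answers 2 and 4 define the chain of custody and answer 6 notes that merely browsing a file can change it; the record below ties the two together by hashing the evidence at acquisition and at every hand-over, so a change is detected and attributed to a custody interval. This is an added example, not from the book; the evidence id, custodian names, timestamps and image bytes are constructed.

```python
"""Chain-of-custody log with integrity verification (constructed example,
not from the book). Each hand-over of an evidence image records the
custodians, purpose, timestamp and the SHA-256 the receiver computed on
arrival; comparing entries with the acquisition hash shows whether the
evidence is unchanged and, if not, during whose custody it changed."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an in-memory image (a real image file would be hashed in chunks)."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Transfer:
    when: str            # ISO-8601 UTC timestamp of the hand-over
    from_person: str
    to_person: str
    purpose: str
    observed_hash: str   # hash the receiving custodian computed on arrival


@dataclass
class CustodyRecord:
    evidence_id: str
    collected_by: str
    acquisition_hash: str            # taken at the scene, before any analysis
    transfers: list[Transfer] = field(default_factory=list)

    def hand_over(self, from_person: str, to_person: str, purpose: str,
                  evidence: bytes, when: str | None = None) -> bool:
        """Log a transfer; True when the evidence still matches the acquisition
        hash, False when the receiver must flag a break in the chain."""
        observed = sha256_hex(evidence)
        stamp = when or datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.transfers.append(Transfer(stamp, from_person, to_person, purpose, observed))
        return observed == self.acquisition_hash

    def first_break(self) -> int | None:
        """Index of the earliest transfer whose hash differs from acquisition,
        i.e. the custody interval in which integrity was lost; None if intact."""
        for idx, t in enumerate(self.transfers):
            if t.observed_hash != self.acquisition_hash:
                return idx
        return None

    def custodian_at_fault(self) -> str | None:
        """Who held the evidence when it changed: the sender of the first bad transfer."""
        idx = self.first_break()
        return None if idx is None else self.transfers[idx].from_person


def start_record(evidence_id: str, collector: str, evidence: bytes) -> CustodyRecord:
    """Open a record by hashing the evidence exactly as acquired at the scene."""
    return CustodyRecord(evidence_id, collector, sha256_hex(evidence))


def demo() -> CustodyRecord:
    """Constructed scenario: an intact hand-over, then a change made while the
    examiner 'just browsed' the image, caught at the next hand-over."""
    image = b"constructed disk image contents"
    record = start_record("EV-0001", "first responder", image)
    record.hand_over("first responder", "forensic examiner", "analysis", image,
                     when="2024-01-01T10:00:00+00:00")
    touched = image + b"\x00"  # e.g. an access timestamp rewritten by browsing
    record.hand_over("forensic examiner", "evidence custodian", "storage", touched,
                     when="2024-01-01T18:00:00+00:00")
    return record


if __name__ == "__main__":
    r = demo()
    print("integrity lost at transfer index:", r.first_break(),
          "while held by:", r.custodian_at_fault())
```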

7. Answer: C. When the response team has determined that an incident occurred, the next step in incident analysis involves taking a comprehensive look at the incident activity to determine the scope, priority, and threat of the incident. Answer A is incorrect; the press should not be contacted unless it is absolutely necessary, and then only after the scope has been determined. Answer B is incorrect because affected vendors should only be contacted after the scope has been determined. Answer D is incorrect because the risk cannot be mitigated until the scope is determined.

8. Answer: B. In keeping with the severity of the incident, the organization can act to mitigate the impact of the incident by containing it and eventually restoring operations back to normal. Answers A, C, and D are incorrect; analysis, remediation, and reporting happen after containment.

9. Answer: C. Request For Comments (RFC) 2350, “Expectations for Computer Security Incident Response,” spells out the expectations for computer security incident response. This RFC can be helpful in formulating organizational best practices for reporting and disclosure. Answer A is incorrect; organizational best practices for reporting and disclosure are not found in operating system manuals. Answer B is incorrect; FBI Investigative Guidelines are the guidelines on general crimes, national security investigative guidelines, and the confidential supplemental foreign intelligence guidelines. Answer D is incorrect because RFC 50 is comments on the Meyer Proposal.

10. Answer: B. It is important to accurately determine the cause of each incident so that it can be fully contained and the exploited vulnerabilities can be mitigated to prevent similar incidents from occurring in the future. Answer A is incorrect; the incident response plan would be updated, not the disaster recovery plan. Answer C is incorrect; apprehension and prosecution is the job of law enforcement. Answer D is incorrect; depending on the incident, press and vendor notification may not be necessary.

Objective 6.4: Identify and explain applicable legislation and organizational policies.

1. Answer: D. To ensure that proper incident response planning is managed and maintained, it is important to establish clear and detailed security policies that are ratified by an organization’s management and brought to the attention of its users. Current and pending legislation will affect the formulation of those policies. Answers A, B, and C are incorrect; although each of these factors may have influence on organizational policies, legislation will have the greatest effect.

2. Answer: A. An organization’s information sensitivity policy will define requirements for the classification and security of data and hardware resources based on their relative level of sensitivity. Answer B is incorrect because an acceptable use policy provides details that specify what users may do with their network access. Answer C is incorrect because a change management policy specifies details about system changes such as the files being replaced, the configuration being changed, and the machines or operating systems affected. Answer D is incorrect; a computer security policy defines the goals for securing and protecting an organization’s computer systems.

3. Answer: B. An acceptable use policy provides details that specify what users may do with their network access, including email and instant messaging usage for personal purposes, limitations on access times, and the storage space available to each user. Answer A is incorrect because an organization’s information sensitivity policy will define requirements for the classification and security of data and hardware resources based on their relative level of sensitivity. Answer C is incorrect because a change management policy specifies details about system changes such as the files being replaced, the configuration being changed, and the machines or operating systems affected. Answer D is incorrect because a computer security policy defines the goals and elements of an organization’s computer systems.

4. Answer: C. A change management policy specifies details about system changes such as the files being replaced, the configuration being changed, and the machines or operating systems affected. Answer A is incorrect because an organization’s information sensitivity policy will define requirements for the classification and security of data and hardware resources based on their relative level of sensitivity. Answer B is incorrect because an acceptable use policy provides details that specify what users may do with their network access. Answer D is incorrect because a computer security policy defines the goals and elements of an organization’s computer systems.

5. Answer: B. An acceptable use policy example is that upon logon, a statement that network access is granted under certain conditions and that all activities may be monitored is displayed. Answer A is incorrect because an organization’s information sensitivity policy will define requirements for the classification and security of data and hardware resources based on their relative level of sensitivity. Answer C is incorrect because a change management policy specifies details about system changes such as the files being replaced, the configuration being changed, and the machines or operating systems affected. Answer D is incorrect because a computer security policy defines the goals and elements of an organization’s computer systems.

6. Answer: D. The idea of separation of duties hinges on the concept that multiple people conspiring to corrupt a system is less likely than a single person corrupting it. Answer A is incorrect; due care is the knowledge and actions that a reasonable and prudent person would possess or act upon. Answer B is incorrect because due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party. Answer C is incorrect; principle of least privilege refers to the concept that all users at all times should run with as few privileges as possible.

7. Answer: B. Due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party. Answer A is incorrect; due care is the knowledge and actions that a reasonable and prudent person would possess or act upon. Answer C is incorrect; due process is the concept that laws and legal proceedings must be fair. Answer D is incorrect; due course is an onward movement in a particular direction.

8. Answer: A. Due care is the knowledge and actions that a reasonable and prudent person would possess or act upon. Answer B is incorrect because due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party. Answer C is incorrect; due process is the concept that laws and legal proceedings must be fair. Answer D is incorrect; due course is an onward movement in a particular direction.

9. Answer: C. Due process is the concept that laws and legal proceedings must be fair. Answer A is incorrect; due care is the knowledge and actions that a reasonable and prudent person would possess or act upon. Answer B is incorrect because due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party. Answer D is incorrect; due course is an onward movement in a particular direction.

10. Answer: B. Due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party. Answer A is incorrect; due care is the knowledge and actions that a reasonable and prudent person would possess or act upon. Answer C is incorrect; due process is the concept that laws and legal proceedings must be fair. Answer D is incorrect; due course is an onward movement in a particular direction.

11. Answer: A. Due care is the knowledge and actions that a reasonable and prudent person would possess or act upon. Answer B is incorrect because due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party. Answer C is incorrect because due process is the concept that laws and legal proceedings must be fair. Answer D is incorrect because due course is an onward movement in a particular direction.

12. Answer: C. Due process is the concept that laws and legal proceedings must be fair. Answer A is incorrect; due care is the knowledge and actions that a reasonable and prudent person would possess or act upon. Answer B is incorrect because due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party. Answer D is incorrect; due course is an onward movement in a particular direction.

13. Answer: D. ISO 17799, particularly sections 7 and 8, has established standards for dealing with the proper disposal of obsolete hardware. Answer A is incorrect; Sarbanes-Oxley (SOX) governs financial and accounting disclosure information. Answer B is incorrect; ISO 9000 is a family of standards for quality management systems. Answer C is incorrect; the IEEE specifications are the central source for standardization in a broad range of emerging technologies.

14. Answers: A, B, D. Breaches of health and safety requirements, inadequate disposal planning resulting in severe business loss, remnants of legacy data from old systems that may still be accessible, and disposal of old equipment that is necessary to read archived data should all be considered when formulating a policy on the secure disposal of outdated equipment. Answer C is incorrect because it addresses a cost, not a disposal consideration.

15. Answer: B. Sanitization is the process of removing the contents from the media as fully as possible, making it extremely difficult to restore. Answer A is incorrect because declassification is a formal process of assessing the risk involved in discarding particular information. Answer C is incorrect because degaussing is a method that uses an electrical device to reduce the magnetic flux density of the storage media to zero. Answer D is incorrect because destruction is the process of physically destroying the media and the information stored on it.

16. Answer: A. Strong password policies help protect the network from hackers and define the responsibilities of users who have been given access to company resources. Answer B is incorrect; if the passwords are too difficult to remember, users will write them down and post them on monitors, keyboards, and any number of easy-to-find places. Answer C is incorrect because enabling Store Passwords Using Reversible Encryption is essentially the same as storing passwords in plaintext, which is insecure and not recommended. The purpose of this policy setting is to provide support for applications that use protocols that require knowledge of the user’s password for authentication purposes. Answer D is incorrect because default passwords can easily be guessed by an intruder.

17. Answer: C. After the change has been requested, documented, and approved, you should then send out notification to the users so that they will know what to expect when the change has been implemented. Therefore, answer A is incorrect; notification happens before implementation. Answer B is incorrect; often management doesn’t need notification. Answer D is incorrect; once changes are approved, there should not be workarounds.

18. Answer: C. Class 3 is confidential information; if the data were to become public, it could influence the organization’s operational effectiveness and cause financial loss. Answer A is incorrect because Class 1 is data available in the public domain. Answer B is incorrect because Class 2 is internal information; should the data become public, the consequences are not critical. Answer D is incorrect because Class 4 is secret information. This data is critical to the company, should be accessed by very few, and should never become public.

19. Answer: B. Proprietary classification is internal information that defines the way in which the organization operates. Security should be high. Answer A is incorrect because top-secret classification is highly sensitive internal documents and data. This is the highest security level possible. Answer C is incorrect because internal use only classification is information that is unlikely to result in financial loss or serious damage to the organization. This is a restricted but normal security level. Answer D is incorrect because public documents classification is information in the public domain. This is a minimal security level.

20. Answer: A. Top-secret classification is highly sensitive internal documents and data. This is the highest security level possible. Answer B is incorrect because proprietary classification is internal information that defines the way in which the organization operates. Security should be high. Answer C is incorrect because internal use only classification is information that is unlikely to result in financial loss or serious damage to the organization. This is a restricted but normal security level. Answer D is incorrect because public documents classification is information in the public domain. This is a minimal security level.

21. Answer: C. Internal use only classification is information that is unlikely to result in financial loss or serious damage to the organization. This is a restricted but normal security level. Answer A is incorrect because top-secret classification is highly sensitive internal documents and data. This is the highest security level possible. Answer B is incorrect because proprietary classification is internal information that defines the way in which the organization operates. Security should be high. Answer D is incorrect because public documents classification is information in the public domain. This is a minimal security level.

22. Answer: D. The idea of separation of duties hinges on the concept that multiple people conspiring to corrupt a system is less likely than a single person corrupting it. Often you will find this in financial institutions, where in order to violate the security controls, all the participants in the process would have to agree to compromise the system. Answer A is incorrect; due care is the knowledge and actions that a reasonable and prudent person would possess or act upon. Answer B is incorrect because due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party. Answer C is incorrect; principle of least privilege refers to the concept that all users at all times should run with as few privileges as possible.

23. Answer: A. For security purposes, organizations should avoid having one individual who has complete control of a transaction or process from beginning to end, and implement policies such as job rotation, mandatory vacations, and cross-training. Answer B is incorrect; security compliance deals with adhering to regulations and standards. Answer C is incorrect; principle of least privilege refers to the concept that all users at all times should run with as few privileges as possible. Answer D is incorrect because due diligence refers to the care a reasonable person should take before entering into an agreement or a transaction with another party.

24. Answers: A, C, D. For security purposes, organizations should avoid having one individual who has complete control of a transaction or process from beginning to end, and implement policies such as job rotation, mandatory vacations, and cross-training. Answer B is incorrect because a change management policy specifies details about system changes such as the files being replaced, the configuration being changed, and the machines or operating systems affected.

25. Answers: A, B, C. Privacy-sensitive information is referred to as personally identifiable information (PII). This is any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains. Examples of PII are name, address, phone number, fax number, email address, financial profiles, Social Security number, and credit card information. Answer D is incorrect because group membership does not expose privacy-sensitive information.

26. Answer: B. Service level agreements establish the contracted requirements for service through utilities, facility management, and ISPs. Answer A is incorrect; a business impact analysis is an analytic process that aims to reveal business and operational impacts stemming from any number of incidents or events. Answer C is incorrect because a disaster recovery plan is a written document that defines how the organization will recover from a disaster and how to restore business with minimum delay. Answer D is incorrect because a disaster recovery policy outlines what to do during a disaster.

27. Answer: B. Service level agreements establish the contracted requirements for service through utilities, facility management, and ISPs. The purpose of an SLA is to establish a cooperative partnership, bring both sides together, and map out each party’s responsibilities. Answer A is incorrect; a business impact analysis is an analytic process that aims to reveal business and operational impacts stemming from any number of incidents or events. Answer C is incorrect because a disaster recovery plan is a written document that defines how the organization will recover from a disaster and how to restore business with minimum delay. Answer D is incorrect because a disaster recovery policy outlines what to do during a disaster.

28. Answer: C. When termination involves power users with high-level access rights or knowledge of service administrator passwords, it is critical to institute password and security updates to exclude known avenues of access while also increasing security monitoring for possible reprisals against the organization. Answer A is incorrect; immediately wiping the computer could delete necessary information. Answer B is incorrect; although an exit interview is part of normal HR processes, the concern is access after termination. Answer D is incorrect; searching the user’s work area should be done by proper authority and procedures.

29. Answer: A. Hackers and other agents seeking unauthorized access often search for highly placed users within an organization who have exempted themselves from standard security policies. Information about the profiles and positions of high-level users is often available on organizational websites, which can provide hackers with more directed information. Answers B and D are incorrect; these two groups should have a heightened sense of security awareness and not divulge confidential information. Answer C is incorrect because users can provide valuable information, but high-level employees have access to more valuable information.

30. Answer: A. It is important to locate a suitable upper-level sponsor for security initiatives to ensure that published security training and other requirements are applied to all users equally. Without management buy-in, the program will have a difficult time being successful. Based on this information, answers B, C, and D are incorrect.

Objective 6.5: Explain the importance of environmental controls.

1. Answer: B. The pipe in the wet-pipe system has water under pressure in it at all times. Answer A is incorrect because dry-pipe systems work in exactly the same fashion as wet-pipe systems, except that the pipes are filled with pressurized air rather than water. Conventional deluge and preaction fire protection systems include a control valve, commonly called a deluge valve, which normally prevents water from flowing into a sprinkler line. Therefore, answers C and D are incorrect.

2. Answer: D. A wet-pipe system constantly has water in it. In dry-pipe systems, water is used but is held back by a valve until a certain temperature is reached. Therefore, answers A, B, and C are incorrect.

3. Answer: C. Class A fires are trash, wood, and paper. Answer A is incorrect because Class C fires are energized electrical equipment, electrical fire. Answer B is incorrect because Class B fires are flammable liquids, gases, and greases. Answer D is incorrect because Class D fires are fires that involve combustible metals such as magnesium, titanium, and sodium.

4. Answers: A, C. With UTP and STP, an inherent danger lies in the fact that it is easy to add devices to the network via open ports on unsecured hubs and switches. Answer B is incorrect because coax cables have no physical transmission security and are very simple to tap without interrupting regular transmissions or being noticed. Answer D is incorrect because it is impossible to tap fiber without interrupting the service and using specially constructed equipment. This makes it more difficult to eavesdrop or steal service.

5. Answer: A. Class C fires are energized electrical equipment, electrical fire. Answer B is incorrect because Class B fires are flammable liquids, gases, and greases. Answer C is incorrect. Class A fires are trash, wood, and paper. Answer D is incorrect. Class D fires are fires that involve combustible metals such as magnesium, titanium, and sodium.

6. Answer: D. Class D fires are fires that involve combustible metals such as magnesium, titanium, and sodium. Answer A is incorrect because Class C fires are energized electrical equipment, electrical fire. Answer B is incorrect because Class B fires are flammable liquids, gases, and greases. Answer C is incorrect because Class A fires are trash, wood, and paper.

7. Answer: B. Class B fires, which are flammable liquids, gases, and greases, are usually put out using foam. Answer A is incorrect; for Class A fires, which are trash, wood, and paper, water will decrease the fire’s temperature and extinguish its flames. Answer C is incorrect because the two types of extinguishing agents for Class D fires are sodium chloride and a copper-based dry powder. Answer D is incorrect; Class C fires, which are energized electrical equipment, electrical fire, and burning wires, are put out using extinguishers based on carbon dioxide or halon.

8. Answer: A. For Class A fires, which are trash, wood, and paper, water will decrease the fire’s temperature and extinguish its flames. Answer B is incorrect. Class B fires, which are flammable liquids, gases, and greases, are usually put out using foam. Answer C is incorrect because the two types of extinguishing agents for Class D fires are sodium chloride and a copper-based dry powder. Answer D is incorrect; Class C fires, which are energized electrical equipment, electrical fire, and burning wires, are put out using extinguishers based on carbon dioxide or halon.

9. Answer: D. Class C fires, which are energized electrical equipment, electrical fire, and burning wires, are put out using extinguishers based on carbon dioxide or halon. Answer A is incorrect. For Class A fires, which are trash, wood, and paper, water will decrease the fire’s temperature and extinguish its flames. Answer B is incorrect; Class B fires, which are flammable liquids, gases, and greases, are usually put out using foam. Answer C is incorrect because the two types of extinguishing agents for Class D fires are sodium chloride and a copper-based dry powder.

10. Answer: C. The two types of extinguishing agents for Class D fires are sodium chloride and a copper-based dry powder. Answer A is incorrect. For Class A fires, which are trash, wood, and paper, water will decrease the fire’s temperature and extinguish its flames. Answer B is incorrect; Class B fires, which are flammable liquids, gases, and greases, are usually put out using foam. Answer D is incorrect; Class C fires, which are energized electrical equipment, electrical fire, and burning wires, are put out using extinguishers based on carbon dioxide or halon.

11. Answer: D. In 1987, an international agreement known as the Montreal Protocol mandated, because of their emissions, the phase-out of halons in developed countries by the year 2000 and in less-developed countries by 2010. Therefore, carbon dioxide extinguishers have replaced halon ones. They don’t leave a harmful residue, making them a good choice for an electrical fire on a computer or other electronic devices. Based on this information, answers A, B, and C are incorrect.

12. Answers: A, C, D. When choosing a location for a building, an organization should investigate the type of neighborhood, population, crime rate, and emergency response times. Answer B is incorrect because the proximity to an electronics store may be a consideration, but it should not be one of the deciding factors.

13. Answer: A. One of the reasons for using a dry-pipe system is that when the outside temperature drops below freezing, any water in the pipes will freeze, causing them to burst. Therefore, answer B is incorrect. Answer C is incorrect because deluge systems are used in places that are considered high-hazard areas, such as power plants, aircraft hangars, and chemical storage or processing facilities. Deluge systems are needed where high-velocity suppression is necessary to prevent fire spread. Answer D is incorrect; conventional preaction systems are relatively complex and expensive, tending to preclude the benefits of their use in low-cost, water-sensitive applications such as small areas and residential applications, where the need to avoid inadvertent water damage is as important as providing protection against fire damage.

14. Answer: B. Overcooling causes condensation on equipment, and air that is too dry leads to excessive static. Therefore, answer D is incorrect. Answers A and C are incorrect because electromagnetic interference (EMI), also called radio frequency interference (RFI), is a disturbance that affects an electrical circuit due to either electromagnetic conduction or electromagnetic radiation emitted from an external source.

15. Answer: D. Overcooling causes condensation on equipment, and air that is too dry leads to excessive static. Therefore, answer B is incorrect. Answers A and C are incorrect because electromagnetic interference (EMI), also called radio frequency interference (RFI), is a disturbance that affects an electrical circuit due to either electromagnetic conduction or electromagnetic radiation emitted from an external source.

16. Answer: A. A high level of humidity can cause components to rust and degrade electrical resistance or thermal conductivity. Answer B is incorrect because a low level of humidity can subject components to electrostatic discharge (ESD), causing damage. Answer C is incorrect because EMF is associated with the electricity that comes out of every power socket and with higher-frequency radio waves that create electromagnetic fields. Answer D is incorrect because solidification is the crystallization of a large amount of material from a single point of nucleation, which results in a single crystal.

17. Answer: D. It is impossible to tap fiber without interrupting the service and using specially constructed equipment. This makes it more difficult to eavesdrop or steal service. Answers A and C are incorrect. With UTP and STP, an inherent danger lies in the fact that it is easy to add devices to the network via open ports on unsecured hubs and switches. Answer B is incorrect because coax cables have no physical transmission security and are very simple to tap without interrupting regular transmissions or being noticed.

18. Answer: C. An efficient way to protect a large quantity of equipment from electronic eavesdropping is to place the equipment into a well-grounded metal box called a Faraday cage. Answer A is incorrect; an electron configuration table is a type of code that describes how many electrons are in each energy level of an atom and how the electrons are arranged within each energy level. Answer B is incorrect because EMF is associated with the electricity that comes out of every power socket and with higher-frequency radio waves that create electromagnetic fields. Answer D is incorrect because TEMPEST can be costly to implement, and protecting an area within a building makes more sense than protecting individual pieces of equipment.

19. Answer: D. You are most likely to find TEMPEST equipment in government, military, and corporate environments that process government/military classified information. Answer A is incorrect; an electron configuration table is a type of code that describes how many electrons are in each energy level of an atom and how the electrons are arranged within each energy level. Answer B is incorrect because EMF is associated with the electricity that comes out of every power socket and with higher-frequency radio waves that create electromagnetic fields. Answer C is incorrect because although a Faraday cage is an option, it protects an area within a building rather than individual pieces of equipment.

20. Answer: B. Coax cables have no physical transmission security and are very simple to tap without interrupting regular transmissions or being noticed. Answers A and C are incorrect; both UTP and STP can be tapped, although it is physically a little trickier than tapping coax cable because of the physical structure of STP and UTP cable. Answer D is incorrect because it is impossible to tap fiber without interrupting the service and using specially constructed equipment. This makes it more difficult to eavesdrop or steal service.

Objective 6.6: Explain the concept of and how to reduce the risks of social engineering.

1. Answer: B. Social engineering is a process by which an attacker may extract useful information from users who are often just tricked into helping the attacker. Answer A is incorrect because pharming is a hacker’s attack aiming to redirect a website’s traffic to another, bogus website. Answer C is incorrect because phishing is an attempt to acquire sensitive information by masquerading as a trustworthy entity via an electronic communication, usually email. Answer D is incorrect because shoulder surfing uses direct observation techniques. It gets its name from looking over someone’s shoulder to get information.

2. Answer: C. Phishing is an attempt to acquire sensitive information by masquerading as a trustworthy entity via an electronic communication, usually email. Answer A is incorrect because pharming is a hacker’s attack aiming to redirect a website’s traffic to another, bogus website. Answer B is incorrect. Social engineering is a process by which an attacker may extract useful information from users who are often just tricked into helping the attacker. Answer D is incorrect because shoulder surfing uses direct observation techniques. It gets its name from looking over someone’s shoulder to get information.

3. Answer: D. For best protection, proper security technologies and techniques must be deployed at the client side, the server side, and the enterprise level. Ideally, users should not be able to directly access email attachments from within the email application. However, the best defense is user education. Answer A is incorrect; S/MIME is a standard for public key encryption and signing of email. Answer B is incorrect because antivirus software cannot identify phishing scams. Answer C is incorrect because email filtering cannot catch all unwanted email.

4. Answer: B. Hoax messages may warn of emerging threats that do not exist. They might instruct users to delete certain files to ensure their security against a new virus, while actually only rendering the system more susceptible to later viral agents. Answer A is incorrect because pharming is a hacker’s attack aiming to redirect a website’s traffic to another, bogus website. Answer C is incorrect because phishing is an attempt to acquire sensitive information by masquerading as a trustworthy entity via an electronic communication, usually email. Answer D is incorrect because spam is unwanted email communication.

5. Answer: A. Although hoaxes present issues such as loss of functionality or security vulnerabilities, they also use system resources and consume users’ time. This results in lost productivity and an undue burden on the organization’s resources, especially if many employees respond. Answer B is incorrect; although a virus may be a concern, the idea behind a chain letter is to occupy time and resources. Answer C is incorrect because hoaxes try to occupy time and resources, not garner proprietary information. Answer D is incorrect because this statement is simply not true.

6. Answer: C. Equipment sometimes is put in the garbage because city laws do not require special disposal. Because intruders know this, they can scavenge through discarded equipment and documents, called dumpster diving, and extract sensitive information from it without ever contacting anyone in the company. Answer A is incorrect; health hazards are a concern; however, the real danger is the organizational information that is readily accessible. Answer B is incorrect; social engineering is a process by which an attacker may extract useful information from users who are often just tricked into helping the attacker. Answer D is incorrect because shoulder surfing uses direct observation techniques. It gets its name from looking over someone’s shoulder to get information.

7. Answer: C. Equipment sometimes is put in the garbage because city laws do not require special disposal. Because intruders know this, they can scavenge through discarded equipment and documents, called dumpster diving, and extract sensitive information from it without ever contacting anyone in the company. Answer A is incorrect; fire hazards are a concern. However, the real danger is the organizational information that is readily accessible. Answer B is incorrect because social engineering is a process by which an attacker may extract useful information from users who are often just tricked into helping the attacker. Answer D is incorrect because shoulder surfing uses direct observation techniques. It gets its name from looking over someone’s shoulder to get information.

8. Answer: D. Shoulder surfing uses direct observation techniques. It gets its name from looking over someone’s shoulder to get information. Shoulder surfing is an effective way to get information in crowded places such as airports, conventions, or coffee shops because it’s relatively easy to stand next to someone and watch as the person enters a PIN or a password. Answer A is incorrect; virus infection is a concern. However, the real danger is the organizational information that is readily accessible. Answer B is incorrect because social engineering is a process by which an attacker may extract useful information from users who are often just tricked into helping the attacker. Answer C is incorrect because dumpster diving is scavenging through discarded equipment and documents and extracting sensitive information from it without ever contacting anyone in the company.

9. Answer: B. The immediate solution to prevent shoulder surfing is to shield paperwork or your keypad from view by using your body or cupping your hand. Biometrics and gaze-based password entry make gleaning password information difficult for the unaided observer while retaining simplicity and ease of use for the user. Answer A is incorrect because it is an immediate solution, not the best defense. Answer C is incorrect because security guards won’t necessarily prevent shoulder surfing. Answer D is incorrect because switching to deadbolts is not a viable solution.

10. Answer: A. Reverse social engineering involves an attacker convincing the user that he is a legitimate IT authority, causing the user to solicit his assistance. Answer B is incorrect because denial of service is a type of network attack. Answer C is incorrect because shoulder surfing uses direct observation techniques. It gets its name from looking over someone’s shoulder to get information. Answer D is incorrect because phishing is an attempt to acquire sensitive information by masquerading as a trustworthy entity via an electronic communication, usually email.

11. Answer: A. The immediate solution to prevent shoulder surfing is to shield paperwork or your keypad from view by using your body or cupping your hand. Biometrics and gaze-based password entry make gleaning password information difficult for the unaided observer while retaining simplicity and ease of use for the user. Answer B is incorrect because it is the best defense, not an immediate solution. Answer C is incorrect because security guards won’t necessarily prevent shoulder surfing. Answer D is incorrect because switching to deadbolts is not a viable solution.

12. Answers: A, B. Social engineering attacks involve tricking a user into providing the attacker with access rights or operational details. Answer C is incorrect because packet sniffing is a form of a network security threat. Answer D is incorrect because this is a physical access control risk rather than social engineering.

13. Answer: C. Management training should focus on the ramifications of social engineering, such as the liability of the company when a breach happens, the financial damage that can happen, and how this can affect the reputation or credibility of the company. Answer A is incorrect because the user-based training will be more prevention oriented. Answer B is incorrect because to focus the training on costs rather than benefits is not promoting education. Answer D is incorrect because this training will be technical.

14. Answers: B, C, D. Planning, training, regular reminders, and firm and clear security policies are important when you’re attempting to minimize vulnerabilities created by social engineering. Answer A is incorrect; security posters might be a part of training, but are not an essential element.

15. Answers: A, D. Some guidelines for information to be included in user training may consist of the following points: how to address someone who has her hands full and asks for help getting into a secure area, how to react to someone who has piggybacked into the building, what to say to a vice president who has forgotten his password and needs it right away, and what to do when an administrator calls and asks for a user’s password. Answer B is incorrect; this is a part of fire safety education. Answer C is incorrect; virus education should be addressed separately from security awareness training.
