Chapter 9
Practice Test 1

  1. Lisa is attempting to prevent her network from being targeted by IP spoofing attacks as well as preventing her network from being the source of those attacks. Which of the following rules are best practices that Lisa should configure at her network border? (Select all that apply.)
    1. Block packets with internal source addresses from entering the network.
    2. Block packets with external source addresses from leaving the network.
    3. Block packets with public IP addresses from entering the network.
    4. Block packets with private IP addresses from exiting the network.
  2. Ed has been tasked with identifying a service that will provide a low-latency, high-performance, and high-availability way to host content for his employer. What type of solution should he seek out to ensure that his employer's customers around the world can access their content quickly, easily, and reliably?
    1. A hot site
    2. A CDN
    3. Redundant servers
    4. A P2P CDN
  3. Fran is building a forensic analysis workstation and is selecting a forensic disk controller to include in the setup. Which of the following are functions of a forensic disk controller? (Select all that apply.)
    1. Preventing the modification of data on a storage device
    2. Returning data requested from the device
    3. Reporting errors sent by the device to the forensic host
    4. Blocking read commands sent to the device
  4. Mike is building a fault-tolerant server and wants to implement RAID 1. How many physical disks are required to build this solution?
    1. 1
    2. 2
    3. 3
    4. 5
  5. Darren is troubleshooting an authentication issue for a Kerberized application used by his organization. He believes the issue is with the generation of session keys. What Kerberos service should he investigate first?
    1. KDC
    2. TGT
    3. AS
    4. TGS
  6. Evelyn believes that one of her organization's vendors has breached a contractual obligation to protect sensitive data and would like to conduct an investigation into the circumstances. Based upon the results of the investigation, it is likely that Evelyn's organization will sue the vendor for breach of contract. What term best describes the type of investigation that Evelyn is conducting?
    1. Administrative investigation
    2. Criminal investigation
    3. Civil investigation
    4. Regulatory investigation
  7. Ivan is installing a motion detector to protect a sensitive work area that uses high-frequency microwave signal transmissions to identify potential intruders. What type of detector is he installing?
    1. Infrared
    2. Heat-based
    3. Wave pattern
    4. Capacitance
  8. Susan sets up a firewall that keeps track of the status of the communication between two systems and allows a remote system to respond to a local system only after the local system starts communication. What type of firewall is Susan using?
    1. A static packet filtering firewall
    2. An application-level gateway firewall
    3. A stateful packet inspection firewall
    4. A circuit-level gateway firewall

    For questions 9–11, please refer to the following scenario:

    Ben owns a coffeehouse and wants to provide wireless internet service for his customers. Ben's network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract.

  9. How can Ben provide access control for his customers without having to provision user IDs before they connect while also gathering useful contact information for his business purposes?
    1. WPA2 PSK
    2. A captive portal
    3. Require customers to use a publicly posted password like “BensCoffee”
    4. WPA3 SAE
  10. Ben intends to run an open (unencrypted) wireless network. How should he connect his business devices?
    1. Run WPA3 on the same SSID.
    2. Set up a separate SSID using WPA3.
    3. Run the open network in Enterprise mode.
    4. Set up a separate wireless network using WEP.
  11. After implementing the solution from the first question, Ben receives a complaint about users in his cafe hijacking other customers' web traffic, including using their usernames and passwords. How is this possible?
    1. The password is shared by all users, making traffic vulnerable.
    2. A malicious user has installed a Trojan on the router.
    3. A user has ARP spoofed the router, making all traffic broadcast to all users.
    4. Open networks are unencrypted, making traffic easily sniffable.
  12. Kevin is reviewing and updating the security documentation used by his organization. He would like to document some best practices for securing IoT devices that his team has developed over the past year. The practices are generalized in nature and do not cover specific devices. What type of document would be best for this purpose?
    1. Policy
    2. Standard
    3. Guideline
    4. Procedure
  13. Tom is tuning his security monitoring tools in an attempt to reduce the number of alerts received by administrators without missing important security events. He decides to configure the system to only report failed login attempts if there are five failed attempts to access the same account within a one-hour period of time. What term best describes the technique that Tom is using?
    1. Thresholding
    2. Sampling
    3. Account lockout
    4. Clipping
  14. Sally has been tasked with deploying an authentication, authorization, and accounting server for wireless network services in her organization and needs to avoid using proprietary technology. What technology should she select?
    1. OAuth
    2. RADIUS
    3. XTACACS
    4. TACACS+
  15. An accounting clerk for Christopher's Cheesecakes does not have access to the salary information for individual employees but wanted to know the salary of a new hire. He pulled total payroll expenses for the pay period before the new person was hired and then pulled the same expenses for the following pay period. He computed the difference between those two amounts to determine the individual's salary. What type of attack occurred?
    1. Salami slicing
    2. Data diddling
    3. Inference
    4. Social engineering
  16. Alice would like to have read permissions on an object and knows that Bob already has those rights and would like to give them to herself. Which one of the rules in the Take-Grant protection model would allow her to complete this operation if the relationship exists between Alice and Bob?
    1. Take rule
    2. Grant rule
    3. Create rule
    4. Remote rule
  17. During a log review, Danielle discovers a series of logs that show login failures:
    Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=aaaaaaaa
    Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=aaaaaaab
    Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=aaaaaaac
    Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=aaaaaaad
    Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=aaaaaaae

    What type of attack has Danielle discovered?

    1. A pass-the-hash attack
    2. A brute-force attack
    3. A man-in-the-middle attack
    4. A dictionary attack
  18. Ben is designing a database-driven application and would like to ensure that two executing transactions do not affect each other by storing interim results in the database. What property is he seeking to enforce?
    1. Atomicity
    2. Isolation
    3. Consistency
    4. Durability
  19. Kim is the system administrator for a small business network that is experiencing security problems. She is in the office in the evening working on the problem, and nobody else is there. As she is watching, she can see that systems on the other side of the office that were previously behaving normally are now exhibiting signs of infection one after the other. What type of malware is Kim likely dealing with?
    1. Virus
    2. Worm
    3. Trojan horse
    4. Logic bomb
  20. Barb is reviewing the compliance obligations facing her organization and the types of liability that each one might incur. Which of the following laws and regulations may involve criminal penalties if violated? (Select all that apply.)
    1. FERPA
    2. HIPAA
    3. SOX
    4. PCI DSS
  21. Quentin is analyzing network traffic that he collected with Wireshark on a TCP/IP network. He would like to identify all new connections that were set up during his traffic collection. If he is looking for the three packets that constitute the TCP three-way handshake used to establish a new connection, what flags should be set on the first three packets?
    1. SYN, ACK, SYN/ACK
    2. PSH, RST, ACK
    3. SYN, SYN/ACK, ACK
    4. SYN, RST, FIN
  22. Daniel is selecting a new mobile device management (MDM) solution for his organization and is writing the RFP. He is trying to decide what features he should include as requirements after aligning his organization's security needs with an MDM platform's capabilities. Which of the following are typical capabilities of MDM solutions? (Select all that apply.)
    1. Remotely wiping the contents of a mobile device
    2. Assuming control of a nonregistered BYOD mobile device
    3. Enforcing the use of device encryption
    4. Managing device backups
  23. Jim is implementing an IDaaS solution for his organization. What type of technology is he putting in place?
    1. Identity as a service
    2. Employee ID as a service
    3. Intrusion detection as a service
    4. OAuth
  24. Gina recently took the CISSP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)2 Code of Ethics is most directly violated in this situation?
    1. Advance and protect the profession.
    2. Act honorably, honestly, justly, responsibly, and legally.
    3. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
    4. Provide diligent and competent service to principals.
  25. Gordon is conducting a risk assessment for his organization and determined the amount of damage that flooding is expected to cause to his facilities each year. What metric has Gordon identified?
    1. ALE
    2. ARO
    3. SLE
    4. EF
  26. Greg would like to implement application control technology in his organization. He would like to limit users to installing only approved software on their systems. What type of application control would be appropriate in this situation?
    1. Blacklisting
    2. Graylisting
    3. Whitelisting
    4. Bluelisting
  27. Frank is the security administrator for a web server that provides news and information to people located around the world. His server received an unusually high volume of traffic that it could not handle and was forced to reject requests. Frank traced the source of the traffic back to a botnet. What type of attack took place?
    1. Denial-of-service
    2. Reconnaissance
    3. Compromise
    4. Malicious insider
  28. In the database table shown here, which column would be the best candidate for a primary key?
    Schematic illustration of the database table.
    1. Company ID
    2. Company Name
    3. ZIP Code
    4. Sales Rep
  29. Gwen is a cybersecurity professional for a financial services firm that maintains records of their customers. These records include personal information about each customer, including the customer's name, Social Security number, date and place of birth, and mother's maiden name. What category best describes these records?
    1. PHI
    2. Proprietary data
    3. PII
    4. EDI
  30. Bob is configuring egress filtering on his network, examining traffic destined for the internet. His organization uses the public address range Packets with which one of the following destination addresses should Bob permit to leave the network?
  31. Brian is considering increasing the length of the cryptographic keys used by his organization. If he adds 8 bits to the encryption key, how many more possible keys will be added to the keyspace for the algorithm?
    1. The size of the keyspace will double.
    2. The size of the keyspace will increase by a factor of 8.
    3. The size of the keyspace will increase by a factor of 64.
    4. The size of the keyspace will increase by a factor of 256.
  32. Which of the following data assets may be safely and effectively disposed of using shredding? (Select all that apply.)
    1. Paper records
    2. Credit cards
    3. Removable media
    4. SSD hard drives
  33. GAD Systems is concerned about the risk of hackers stealing sensitive information stored on a file server. They choose to pursue a risk mitigation strategy. Which one of the following actions would support that strategy?
    1. Encrypting the files
    2. Deleting the files
    3. Purchasing cyber-liability insurance
    4. Taking no action
  34. Viola is conducting a user account audit to determine whether accounts have the appropriate level of permissions and that all permissions were approved through a formal process. The organization has approximately 50,000 user accounts and an annual employee turnover rate of 24 percent. Which one of the following sampling approaches would be the most effective use of her time when choosing records for manual review?
    1. Select all records that have been modified during the past month.
    2. Ask access administrators to identify the accounts most likely to have issues and audit those.
    3. Select a random sample of records, either from the entire population or from the population of records that have changed during the audit period.
    4. Sampling is not effective in this situation, and all accounts should be audited.
  35. Lila is reviewing her organization's adverse termination process. In that process, when would be the most appropriate time to revoke a user's access privileges to digital systems?
    1. At the time the user is informed of the termination
    2. At the end of the last day of employment
    3. At the time the decision is made
    4. Several days after the last day of employment
  36. William is reviewing log files that were stored on a system with a suspected compromise. He finds the log file shown here. What type of log file is this?
    Snapshot of the log file.
    1. Firewall log
    2. Change log
    3. Application log
    4. System log
  37. Roger is reviewing a list of security vulnerabilities in his organization and rating them based upon their severity. Which one of the following models would be most useful to his work?
    1. CVSS
    2. STRIDE
    3. PASTA
    4. ATT&CK
  38. An attacker recently called an organization's help desk and persuaded them to reset a password for another user's account. What term best describes this attack?
    1. A human Trojan
    2. Social engineering
    3. Phishing
    4. Whaling
  39. Greg is evaluating a new vendor that will be supplying networking gear to his organization. Due to the nature of his organization's work, Greg is concerned that an attacker might attempt a supply chain exploit. Assuming that both Greg's organization and the vendor operate under reasonable security procedures, which one of the following activities likely poses the greatest supply chain risk to the equipment?
    1. Tampering by an unauthorized third party at the vendor's site
    2. Interception of devices in transit
    3. Misconfiguration by an administrator after installation
    4. Tampering by an unauthorized third party at Greg's site
  40. Kevin is operating in a single-level security environment and is seeking to classify information systems according to the type of information that they process. What procedure would be the best way for him to assign asset classifications?
    1. Assign systems the classification of information that they most commonly process.
    2. Assign systems the classification of the highest level of information that they are expected to process regularly.
    3. Assign systems the classification of the highest level of information that they are ever expected to process.
    4. Assign all systems the same classification level.

    For questions 41–43, please refer to the following scenario:

    The organization that Ben works for has a traditional on-site Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using software as a service applications to replace their internally developed software stack.

    Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following questions about the identity recommendations Ben should make.

    Schematic illustration of a logical diagram of an identity management implementation.
  41. If availability of authentication services is the organization's biggest priority, what type of identity platform should Ben recommend?
    1. On-site
    2. Cloud-based
    3. Hybrid
    4. Outsourced
  42. If Ben needs to share identity information with the business partner shown, what should he investigate?
    1. Single sign-on
    2. Multifactor authentication
    3. Federation
    4. IDaaS
  43. What technology is likely to be involved when Ben's organization needs to provide authentication and authorization assertions to their cloud e-commerce application?
    1. Active Directory
    2. SAML
    3. RADIUS
    4. SPML
  44. Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to defend his organization against the use of rainbow tables. Which one of the following techniques is specifically designed to frustrate the use of rainbow tables?
    1. Password expiration policies
    2. Salting
    3. User education
    4. Password complexity policies
  45. Helen recently built a new system as part of her organization's deception campaign. The system is configured in a manner that makes it vulnerable to attack and that conveys that it might contain highly sensitive information. What term best describes this system?
    1. Honeynet
    2. Darknet
    3. Honeypot
    4. Pseudoflaw
  46. Nandi is evaluating a set of candidate systems to replace a biometric authentication mechanism in her organization. What metric would be the best way to compare the effectiveness of the different systems?
    1. FAR
    2. FRR
    3. CER
    4. FDR
  47. Sean suspects that an individual in his company is smuggling out secret information despite his company's careful use of data loss prevention systems. He discovers that the suspect is posting photos, including the one shown here, to public internet message boards. What type of technique may the individuals be using to hide messages inside this image?
    Photo depicts the coins.

    1. Watermarking
    2. VPN
    3. Steganography
    4. Covert timing channel
  48. Roger is concerned that a third-party firm hired to develop code for an internal application will embed a backdoor in the code. The developer retains rights to the intellectual property and will only deliver the software in its final form. Which one of the following languages would be least susceptible to this type of attack because it would provide Roger with code that is human-readable in its final form?
    1. JavaScript
    2. C
    3. C++
    4. Java
  49. Jesse is looking at the /etc/passwd file on a system configured to use shadowed passwords. What should she expect to see in the password field of this file?
    1. Plaintext passwords
    2. Encrypted passwords
    3. Hashed passwords
    4. x
  50. Rob recently received a notice from a vendor that the EOL date is approaching for a firewall platform that is used in his organization. What action should Rob take?
    1. Prepare to discontinue use of the platform as soon as possible.
    2. Immediately discontinue use of the device.
    3. Prepare to discontinue use of the device as part of the organization's normal planning cycle.
    4. No action is necessary.
  51. What principle states that an individual should make every effort to complete his or her responsibilities in an accurate and timely manner?
    1. Least privilege
    2. Separation of duties
    3. Due care
    4. Due diligence
  52. Tony is developing a data classification system for his organization. What factor should he use as the primary driver when determining the classification level of each category of information?
    1. Sensitivity
    2. Source
    3. Likelihood of theft
    4. Likelihood of data loss
  53. Perry is establishing information handling requirements for his organization. He discovers that the organization often needs to send sensitive information over the internet to a supplier and is concerned about it being intercepted. What handling requirement would best protect against this risk?
    1. Require the use of transport encryption.
    2. Require proper classification and labeling.
    3. Require the use of data loss prevention technology.
    4. Require the use of storage encryption.
  54. John is developing a tangible asset inventory for his organization. Which of the following items would most likely be included in this inventory? (Select all that apply.)
    1. Intellectual property
    2. Server hardware
    3. Files stored on servers
    4. Mobile devices
  55. Maria is analyzing a security incident where she believes that an attacker gained access to a fiber-optic cable and installed a tap on that cable. What layer of the OSI model did this attack occur at?
    1. Transport
    2. Network
    3. Data Link
    4. Physical
  56. Bert is considering the use of an infrastructure as a service cloud computing partner to provide virtual servers. Which one of the following would be a vendor responsibility in this scenario?
    1. Maintaining the hypervisor
    2. Managing operating system security settings
    3. Maintaining the host firewall
    4. Configuring server access control
  57. When Ben records data and then replays it against his test website to verify how it performs based on a real production workload, what type of performance monitoring is he undertaking?
    1. Passive
    2. Proactive
    3. Reactive
    4. Replay
  58. Kailey is reviewing a set of old records maintained by her organization and wants to dispose of them securely. She is unsure how long the organization should keep the records because they involve tax data. How can Kailey determine whether the records may be disposed?
    1. Consult the organization's records retention policy.
    2. Consult IRS requirements.
    3. Retain the records for at least seven years.
    4. Retain the records permanently.
  59. Alan is considering the use of new identification cards in his organization that will be used for physical access control. He comes across a sample card and is unsure of the technology. He breaks it open and sees the following internal construction. What type of card is this?
    Photo depicts the sample identification card.
    1. Smart card
    2. Proximity card
    3. Magnetic stripe
    4. Phase-two card
  60. Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose?
    1. Full interruption test
    2. Checklist review
    3. Parallel test
    4. Tabletop exercise
  61. Which one of the following is not a principle of the Agile approach to software development?
    1. The best architecture, requirements, and designs emerge from self-organizing teams.
    2. Deliver working software infrequently, with an emphasis on creating accurate code over longer timelines.
    3. Welcome changing requirements, even late in the development process.
    4. Simplicity is essential.
  62. During a security audit, Susan discovers that the organization is using hand geometry scanners as the access control mechanism for their secure data center. What recommendation should Susan make about the use of hand geometry scanners?
    1. They have a high FRR and should be replaced.
    2. A second factor should be added because they are not a good way to reliably distinguish individuals.
    3. The hand geometry scanners provide appropriate security for the data center and should be considered for other high-security areas.
    4. They may create accessibility concerns, and an alternate biometric system should be considered.
  63. Colleen is conducting a business impact assessment for her organization. What metric provides important information about the amount of time that the organization may be without a service before causing irreparable harm?
    1. MTD
    2. ALE
    3. RPO
    4. RTO
  64. Bailey is concerned that users around her organization are using sensitive information in a variety of cloud services and would like to enforce security policies consistently across those services. What security control would be best suited for her needs?
    1. DRM
    2. IPS
    3. CASB
    4. DLP
  65. Matt is designing a set of information handling requirements for his organization and would like to draw upon common industry practices. Which of the following practices should Matt implement? (Select all that apply.)
    1. Labeling both paper and electronic documents with their classification level
    2. Automatically granting senior executives full access to all classified information
    3. Automatically granting visitors access to information classified at the lowest level of sensitivity
    4. Encrypting sensitive information in storage and at rest
  66. Jerry is investigating an attack where the attacker stole an authentication token from a user's web session and used it to impersonate the user on the site. What term best describes this attack?
    1. Masquerading
    2. Replay
    3. Spoofing
    4. Modification
  67. Lisa wants to integrate with a cloud identity provider that uses OAuth 2.0, and she wants to select an appropriate authentication framework. Which of the following best suits her needs?
    1. OpenID Connect
    2. SAML
    3. RADIUS
    4. Kerberos
  68. Owen recently designed a security access control structure that prevents a single user from simultaneously holding the role required to create a new vendor and the role required to issue a check. What principle is Owen enforcing?
    1. Two-person control
    2. Least privilege
    3. Separation of duties
    4. Job rotation
  69. Denise is preparing for a trial relating to a contract dispute between her company and a software vendor. The vendor is claiming that Denise made a verbal agreement that amended their written contract. What rule of evidence should Denise raise in her defense?
    1. Real evidence rule
    2. Best evidence rule
    3. Parol evidence rule
    4. Testimonial evidence rule
  70. While Lauren is monitoring traffic on two ends of a network connection, she sees traffic that is inbound to a public IP address show up inside the production network. It is headed for an internal host with an RFC 1918 reserved destination address. What technology should she expect is in use at the network border?
    1. NAT
    2. VLANs
    3. S/NAT
    4. BGP
  71. Which of the following statements about SSAE-18 are correct? (Select all that apply.)
    1. It mandates a specific control set.
    2. It is an attestation standard.
    3. It is used for external audits.
    4. It uses a framework, including SOC 1, SOC 2, and SOC 3 reports.
  72. Elliott is using an asymmetric cryptosystem and would like to add a digital signature to a message. What key should he use to encrypt the message digest?
    1. Elliott's private key
    2. Elliott's public key
    3. Recipient's private key
    4. Recipient's public key
  73. Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it should take to restore a particular IT service after an outage. What variable is Greg calculating?
    1. MTD
    2. RTO
    3. RPO
    4. SLA
  74. What business process typically requires sign-off from a manager before modifications are made to a system?
    1. SDN
    2. Release management
    3. Change management
    4. Versioning
  75. Jen is selecting a fire suppression system for her organization's data center and would like to narrow down the list of candidates. Which one of the following suppression systems would be LEAST appropriate for use?
    1. Dry pipe
    2. Wet pipe
    3. Pre-action
    4. FM-200
  76. The company Chris works for has notifications posted at each door reminding employees to be careful to not allow people to enter when they do. Which type of control is this?
    1. Detective
    2. Physical
    3. Preventive
    4. Directive
  77. Seth is designing the physical security controls for a new facility being constructed by his organization. He would like to deter attacks to the extent possible. Which of the following controls serve as deterrents? (Select all that apply.)
    1. Motion detectors
    2. Guard dogs
    3. Mantraps
    4. Lighting
  78. Thomas recently signed an agreement for a serverless computing environment where his organization's developers will be able to write functions in Python and deploy them on the cloud provider's servers for execution. The cloud provider will manage the servers. What term best describes this model?
    1. SaaS
    2. PaaS
    3. IaaS
    4. Containerization
  79. An attacker has intercepted a large amount of data that was all encrypted with the same algorithm and encryption key. With no further information, which of the following cryptanalytic attacks are possible? (Select all that apply.)
    1. Known plaintext
    2. Chosen ciphertext
    3. Frequency analysis
    4. Brute-force

    For questions 80–82, please refer to the following scenario:

    Alex has been with the university he works at for more than 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university's help desk. He is now a manager for the team that runs the university's web applications. Using the provisioning diagram shown here, answer the following questions.

    Schematic illustration of the process of the provisioning diagram.
  80. If Alex hires a new employee and the employee's account is provisioned after HR manually inputs information into the provisioning system based on data Alex provides via a series of forms, what type of provisioning has occurred?
    1. Discretionary account provisioning
    2. Workflow-based account provisioning
    3. Automated account provisioning
    4. Self-service account provisioning
  81. Alex has access to B, C, and D in the diagram. What concern should he raise to the university's identity management team?
    1. The provisioning process did not give him the rights he needs.
    2. He has excessive privileges.
    3. Privilege creep may be taking place.
    4. Logging is not properly enabled.
  82. When Alex changes roles, what should occur?
    1. He should be de-provisioned, and a new account should be created.
    2. He should have his new rights added to his existing account.
    3. He should be provisioned for only the rights that match his role.
    4. He should have his rights set to match those of the person he is replacing.
  83. Robert is reviewing a system that has been assigned the EAL2 evaluation assurance level under the Common Criteria. What is the highest level of assurance that he may have about the system?
    1. It has been functionally tested.
    2. It has been structurally tested.
    3. It has been formally verified, designed, and tested.
    4. It has been semiformally designed and tested.
  84. Adam is processing an access request for an end user. What two items should he verify before granting the access?
    1. Separation and need to know
    2. Clearance and endorsement
    3. Clearance and need to know
    4. Second factor and clearance
  85. During what phase of the electronic discovery reference model does an organization ensure that potentially discoverable information is protected against alteration or deletion?
    1. Identification
    2. Preservation
    3. Collection
    4. Processing
  86. Dana is selecting a hash function for use in her organization and would like to balance a concern for a cryptographically strong hash with the speed and efficiency of the algorithm. Which one of the following hash functions would best meet her needs?
    1. MD5
    2. RIPEMD
    3. SHA-2
    4. SHA-3
  87. Harry would like to access a document owned by Sally stored on a file server. Applying the subject/object model to this scenario, who or what is the object of the resource request?
    1. Harry
    2. Sally
    3. File server
    4. Document
  88. What is the process that occurs when the Session layer removes the header from data sent by the Transport layer?
    1. Encapsulation
    2. Packet unwrapping
    3. De-encapsulation
    4. Payloading
  89. Rob is reviewing his organization's campus for physical security using the Crime Prevention Through Environmental Design (CPTED) framework. Which one of the following is NOT a strategy in this framework?
    1. Natural intrusion detection
    2. Natural access control
    3. Natural surveillance
    4. Natural territorial reinforcement
  90. What markup language uses the concepts of a requesting authority, a provisioning service point, and a provisioning service target to handle its core functionality?
    1. SAML
    2. SAMPL
    3. SPML
    4. XACML
  91. What type of risk assessment uses tools such as the one shown here?
    Schematic illustration of a tool used by the type of risk assessment.
    1. Quantitative
    2. Loss expectancy
    3. Financial
    4. Qualitative
  92. MAC models use three types of environments. Which of the following is not a mandatory access control design?
    1. Hierarchical
    2. Bracketed
    3. Compartmentalized
    4. Hybrid
  93. Mandy is the team leader for a project team that includes six people. She would like to provide those people with the ability to communicate privately, such that any pair of people can exchange communications that are not subject to interception by anyone else (team member or nonteam member). She is using an asymmetric encryption algorithm. How many keys are required to implement these requirements?
    1. 6
    2. 12
    3. 15
    4. 36
  94. Sally is wiring a gigabit Ethernet network. What cabling choices should she make to ensure she can use her network at the full 1000 Mbps she wants to provide to her users?
    1. Cat 5 and Cat 6
    2. Cat 5e and Cat 6
    3. Cat 4e and Cat 5e
    4. Cat 6 and Cat 7
  95. Ursula is seeking to expand the reach and scalability of her organization's website. She would like to position copies of her data around the world in locations close to website visitors to reduce loading time and the burden on her servers. What type of cloud service would best meet her needs?
    1. IaaS
    2. Containerization
    3. CDN
    4. SaaS
  96. Robert is the network administrator for a small business and recently installed a new firewall. After seeing signs of unusually heavy network traffic, he checked his intrusion detection system, which reported that a smurf attack was underway. What firewall configuration change can Robert make to most effectively prevent this attack?
    1. Block the source IP address of the attack.
    2. Block inbound UDP traffic.
    3. Block the destination IP address of the attack.
    4. Block inbound ICMP traffic.
  97. Which one of the following types of firewalls does not have the ability to track connection status between different packets?
    1. Stateful inspection
    2. Application proxy
    3. Packet filter
    4. Next generation
  98. Frances is concerned that equipment failures within her organization's servers will lead to a loss of power to those servers. Which one of the following controls would best address this risk?
    1. Redundant power sources
    2. Backup generators
    3. Dual power supplies
    4. Uninterruptible power supplies
  99. Peter is reviewing the remote access technologies used by his organization and would like to eliminate the use of any techniques that do not include built-in encryption. Which of the following approaches should he retain? (Select all that apply.)
    1. RDP
    2. Telnet
    3. SSH
    4. Dial-up
  100. Matthew is experiencing issues with the quality of network service on his organization's network. The primary symptom is that packets are occasionally taking too long to travel from their source to their destination. The length of this delay changes for individual packets. What term describes the issue Matthew is facing?
    1. Latency
    2. Jitter
    3. Packet loss
    4. Interference
  101. Gavin is an internal auditor working to assess his organization's cybersecurity posture. Which of the following would be appropriate recipients of the reports he generates from his work? (Select all that apply.)
    1. Managers
    2. Individual contributors
    3. Suppliers
    4. Board members
  102. Kim is conducting testing of a web application developed by her organization and would like to ensure that it is accessible from all commonly used web browsers. What type of testing should she conduct?
    1. Regression testing
    2. Interface testing
    3. Fuzzing
    4. White-box testing
  103. Kathleen is implementing an access control system for her organization and builds the following array:

    Reviewers: update files, delete files

    Submitters: upload files

    Editors: upload files, update files

    Archivists: delete files

    What type of access control system has Kathleen implemented?

    1. Role-based access control
    2. Task-based access control
    3. Rule-based access control
    4. Discretionary access control
  104. Alan is installing a fire suppression system that will activate after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower?
    1. Likelihood
    2. RTO
    3. RPO
    4. Impact
  105. Alan's Wrenches recently developed a new manufacturing process for its product. They plan to use this technology internally and not share it with others. They would like it to remain protected for as long as possible. What type of intellectual property protection is best suited for this situation?
    1. Patent
    2. Copyright
    3. Trademark
    4. Trade secret
  106. Ben wants to interface with the National Vulnerability Database using a standardized protocol. What option should he use to ensure that the tools he builds work with the data contained in the NVD?
    1. XACML
    2. SCML
    3. VSML
    4. SCAP
  107. Ron's organization does not have the resources to conduct penetration testing that uses time-intensive manual techniques, but he would like to achieve some of the benefits of penetration testing. Which one of the following techniques could he engage in that requires the least manual effort?
    1. White-box testing
    2. Black-box testing
    3. Gray-box testing
    4. Breach and attack simulation
  108. In the figure shown here, Harry's request to read the data file is blocked. Harry has a Secret security clearance, and the data file has a Top Secret classification. What principle of the Bell–LaPadula model blocked this request?
    Schematic illustration of Harry's blocked read request for the data file.
    1. Simple Security Property
    2. Simple Integrity Property
    3. *-Security Property
    4. Discretionary Security Property
  109. Norm is starting a new software project with a vendor that uses an SDLC approach to development. When he arrives on the job, he receives a document that has the sections shown here. What type of planning document is this?
    Schematic illustration of a type of planning document to start a new software project.
    1. Functional requirements
    2. Work breakdown structure
    3. Test analysis report
    4. Project plan
  110. Kolin is searching for a network security solution that will allow him to help reduce zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement?
    1. A firewall
    2. A NAC system
    3. An intrusion detection system
    4. Port security
  111. Gwen comes across an application that is running under a service account on a web server. The service account has full administrative rights to the server. What principle of information security does this violate?
    1. Need to know
    2. Separation of duties
    3. Least privilege
    4. Job rotation
  112. Ed is developing a set of key performance and risk indicators for his organization's information security program. Which of the following are commonly used indicators? (Select all that apply.)
    1. Number of scheduled audits
    2. Time to resolve vulnerabilities
    3. Number of malicious site visit attempts
    4. Number of account compromises
  113. Kara is documenting the results of a vulnerability scan. After reviewing one finding, she determined that the vulnerability did exist. The team then implemented a configuration change that corrected the issue. How should Kara classify this vulnerability in her report?
    1. True positive
    2. True negative
    3. False positive
    4. False negative

    For questions 114–116, please refer to the following scenario:

    During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions.

    Snapshot of the Nikto output.
  114. Why does Nikto flag the /test directory?
    1. The /test directory allows administrative access to PHP.
    2. It is used to store sensitive data.
    3. Test directories often contain scripts that can be misused.
    4. It indicates a potential compromise.
  115. Why does Nikto identify directory indexing as an issue?
    1. It lists files in a directory.
    2. It may allow for XDRF.
    3. Directory indexing can result in a denial-of-service attack.
    4. Directory indexing is off by default, potentially indicating compromise.
  116. Nikto lists OSVDB-877, noting that the system may be vulnerable to XST. What would this type of attack allow an attacker to do?
    1. Use cross-site targeting.
    2. Steal a user's cookies.
    3. Counter SQL tracing.
    4. Modify a user's TRACE information.
  117. Who would be the most appropriate supervisor for an organization's chief audit executive (CAE)?
    1. CIO
    2. CISO
    3. CEO
    4. CFO
  118. Ursula believes that many individuals in her organization are storing sensitive information on their laptops in a manner that is unsafe and potentially violates the organization's security policy. What control can she use to identify the presence of these files?
    1. Network DLP
    2. Network IPS
    3. Endpoint DLP
    4. Endpoint IPS
  119. In what cloud computing model does the customer build a cloud computing environment in his or her own data center or build an environment in another data center that is for the customer's exclusive use?
    1. Public cloud
    2. Private cloud
    3. Hybrid cloud
    4. Shared cloud
  120. Which one of the following technologies is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture?
    1. Load balancing
    2. Dual-power supplies
    3. IPS
    4. RAID
  121. Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What security goal is Alice trying to achieve?
    1. Confidentiality
    2. Nonrepudiation
    3. Authentication
    4. Integrity
  122. What network topology is shown here?
    Schematic illustration of a network topology.
    1. A ring
    2. A bus
    3. A star
    4. A mesh
  123. Monica is developing a software application that calculates an individual's body mass index for use in medical planning. She would like to include a control on the field where the physician enters an individual's weight to ensure that the weight falls within an expected range. What type of control should Monica use?
    1. Fail open
    2. Fail secure
    3. Limit check
    4. Buffer bounds
  124. Match the following numbered types of testing methodologies with the lettered correct level of knowledge:

    Testing methodologies

    1. Black box
    2. White box
    3. Gray box

    Level of knowledge

    1. Full knowledge of the system
    2. Partial or incomplete knowledge
    3. No prior knowledge of the system
  125. Match the following lettered factors to their numbered type:


    1. A PIN
    2. A token
    3. A fingerprint
    4. A password
    5. A smart card
    6. A retinal scan
    7. A security question/answer


    1. Something you know
    2. Something you have
    3. Something you are
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.