Term
What is the correct approach for addressing security and organization objectives?
a. Security and organization objectives should be developed separately
b. Security should drive organization objectives
c. Security should support organization objectives
d. The site security officer should approve or reject organization objectives

Definition
c. Security should support organization objectives

Term
The two components of risk management are:
a. Risk assessment and risk analysis
b. Vulnerability assessment and risk treatment
c. Risk assessment and risk mitigation
d. Risk assessment and risk treatment

Definition
d. Risk assessment and risk treatment

Term
The impact of a specific threat is defined as:
a. The cost of recovering the asset
b. The cost required to protect the related asset
c. The effect of the threat if it is realized
d. The loss of revenue if it is realized

Definition
c. The effect of the threat if it is realized

Term
Exposure factor is defined as:
a. The part of an asset's value that is likely to be lost by a particular threat
b. The probability that the threat will be realized
c. The probability that a loss will occur in a year's time
d. The cost of a single loss

Definition
a. The part of an asset's value that is likely to be lost by a particular threat

Term
A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to determine the quantitative loss for a single loss based on a particular threat. The correct way to calculate this is:
a. Divide the asset's value by the exposure factor
b. Multiply the asset's value times the annualized rate of occurrence
c. Multiply the asset's value times the single loss expectancy
d. Multiply the asset's value times the exposure factor

Definition
d. Multiply the asset's value times the exposure factor

Term
A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to estimate the yearly loss based on a particular threat. The correct way to calculate this is:
a. Multiply the single loss expectancy times the asset's value
b. Multiply the asset's value times the exposure factor
c. Multiply the asset's value times the exposure factor times the single loss expectancy
d. Multiply the single loss expectancy times the annualized rate of occurrence

Definition
d. Multiply the single loss expectancy times the annualized rate of occurrence

Term
An organization suffered a virus outbreak when malware was downloaded by an employee from a spam message. This outbreak might not have happened had the organization followed which security principle:
a. Heterogeneity
b. Fortress
c. Integrity
d. Defense in depth

Definition

Term
The statement, “Information systems should be configured to require strong passwords”, is an example of a/an:
a. Security requirement
b. Security policy
c. Security objective
d. Security control

Definition

Term
An organization wishes to purchase an application, and is undergoing a formal procurement process to evaluate and select a product. What documentation should the organization use to make sure that the application selected has the appropriate security-related characteristics?
a. Security guidelines
b. Security policies
c. Security requirements
d. Functional requirements

Definition

Term
A security manager is developing a data classification policy. What elements need to be in the policy?
a. Sensitivity levels, marking procedures, access procedures, and handling procedures
b. Labeling procedures, access procedures, and handling procedures
c. Sensitivity levels, access procedures, and handling procedures
d. Sensitivity levels and handling procedures

Definition
a. Sensitivity levels, marking procedures, access procedures, and handling procedures

Term
An employee with a previous criminal history was terminated. The former employee leaked several sensitive documents to the news media. To prevent this, the organization should have:
a. Reviewed access logs
b. Restricted the employee’s access to sensitive information
c. Obtained a signed non-disclosure statement
d. Performed a background verification prior to hiring the employee

Definition
d. Performed a background verification prior to hiring the employee

Term
An organization recently underwent an audit of its financial applications. The audit report stated that there were several segregation of duties issues that were related to IT support of the application. What does this mean?
a. IT personnel should not have access to financial data
b. The duties of personnel are not formally defined
c. IT needs to begin the practice of job rotation
d. Individuals in IT have too many roles or privileges

Definition
d. Individuals in IT have too many roles or privileges

Term
An organization employs hundreds of office workers that use computers to perform their tasks. What is the best plan for informing employees about security issues?
a. Include security policy in the employee handbook
b. Perform security awareness training at the time of hire and annually thereafter
c. Perform security awareness training at the time of hire
d. Require employees to sign the corporate security policy

Definition
b. Perform security awareness training at the time of hire and annually thereafter

Term
An information system that processes sensitive information is configured to require a valid userid and strong password from any user. This process of accepting and validating this information is known as:
a. Authentication
b. Strong authentication
c. Two factor authentication
d. Single sign-on

Definition

Term
All of the following are advantages of using self-signed SSL certificates EXCEPT:
a. Server authentication
b. Lower cost
c. Easier to create
d. More difficult to crack

Definition

Term
The best defense against a NOP sled attack is:
a. Firewall
b. Anti-virus
c. The strcpy() function
d. Input boundary checking

Definition
d. Input boundary checking

Term
The instructions contained within an object are known as its:
a. Class
b. Firmware
c. Code
d. Method

Definition

Term
The purpose for putting a “canary” value in the stack is:
a. To detect a dictionary attack
b. To detect a stack smashing attack
c. To detect parameter tampering
d. To detect script injection

Definition
b. To detect a stack smashing attack

Term
Rootkits can be difficult to detect because:
a. They are encrypted
b. They are polymorphic
c. They reside in ROM instead of the hard drive
d. They use techniques to hide themselves

Definition
d. They use techniques to hide themselves

Term
An attack on a DNS server to implant forged “A” records is characteristic of a:
a. Pharming attack
b. Phishing attack
c. Whaling attack
d. Spim attack

Definition

Term
An organization wants to prevent SQL and script injection attacks on its Internet web application. The organization should implement a/an:
a. Intrusion detection system
b. Firewall
c. Application firewall
d. SSL certificate

Definition

Term
A defense in depth strategy for anti-malware is recommended because:
a. There are many malware attack vectors
b. Anti-virus software is often troublesome on end user workstations
c. Malware can hide in SSL transmissions
d. Users can defeat anti-malware on their workstations

Definition
a. There are many malware attack vectors

Term
The primary advantage of the use of workstation-based anti-virus is:
a. Virus signature updates can be performed less often
b. Virus signature updates can be performed more often
c. The user can control its configuration
d. This approach can defend against most, if not all, attack vectors

Definition
d. This approach can defend against most, if not all, attack vectors

Term
At the beginning of a disaster recovery planning project, the project team will be compiling a list of all of the organization’s most important business processes. This phase of the project is known as:
a. Business Impact Analysis
b. Risk Analysis
c. Business Process Analysis
d. Determination of maximum tolerable downtime (MTD)

Definition
a. Business Impact Analysis

Term
In what sequence should a disaster recovery planning project be performed?
a. Business Impact Analysis, Maximum Tolerable Downtime, Recovery Point Objective, Recovery Time Objective, training, testing
b. Survey business processes, threat and risk analysis, develop recovery targets, criticality analysis
c. Project plan, risk assessment, statements of impact, criticality analysis, recovery targets, test recovery plans
d. Project plan, Business Impact Analysis, develop recovery plans, train personnel, test recovery plans

Definition
d. Project plan, Business Impact Analysis, develop recovery plans, train personnel, test recovery plans

Term
Benefits from disaster recovery and business continuity planning include all of the following EXCEPT:
a. Improved system resilience
b. Process improvements
c. Improved market advantage
d. Improved performance

Definition

Term
The types of BCP and DRP tests are:
a. Document review, walkthrough, parallel test, cutover test
b. Document review, walkthrough, simulation, parallel test, cutover test
c. Document review, walkthrough, sanity test, parallel test, cutover test
d. Walkthrough, simulation, parallel test, cutover test, live test

Definition
b. Document review, walkthrough, simulation, parallel test, cutover test

Term
The purpose of a parallel test is:
a. To determine the ability to perform live business transactions on production systems instead of on backup systems
b. To determine the ability for a recovery test to be interrupted
c. To determine the ability to perform live business transactions on production systems and backup systems at the same time
d. To determine the ability for the last minute substitution of a recovery team

Definition
c. To determine the ability to perform live business transactions on production systems and backup systems at the same time

Term
The greatest risk related to a cutover test is:
a. If backup servers do not function correctly, the test will fail
b. A cutover test tests only the live load and not the switchover
c. A cutover test tests only the switchover and not the live load
d. If backup servers do not function correctly, critical business processes may fail

Definition
d. If backup servers do not function correctly, critical business processes may fail

Term
An organization that is building a disaster recovery capability needs to re-engineer its application servers to meet new recovery requirements of 4 hour RPO and 24 hour RTO. Which of the following approaches will best meet this objective?
a. Active/Passive server cluster with replication
b. Tape backup and restore to a hot site
c. Tape backup and restore to a cold site
d. Server cluster with shared storage

Definition
a. Active/Passive server cluster with replication

Term
The purpose of a server cluster includes all of the following EXCEPT:
a. Improve an application’s availability
b. Increase an application’s capacity
c. Increase an application’s data storage
d. Provide fault tolerance

Definition
c. Increase an application’s data storage

Term
The purpose of off-site media storage is:
a. To protect media from damage in the event of a disaster
b. To protect media from theft
c. To provide additional storage not available on-site
d. To meet regulatory requirements for media protection

Definition
a. To protect media from damage in the event of a disaster

Term
An organization that is performing a disaster recovery planning project has determined that it needs to have on-site electric power available for as long as ten days, in the event of an electric utility failure. The best approach for this requirement is:
a. Uninterruptible power supply (UPS) and power distribution unit (PDU)
b. Electric generator
c. Uninterruptible power supply (UPS)
d. Uninterruptible power supply (UPS) and electric generator

Definition
d. Uninterruptible power supply (UPS) and electric generator

Term
The first priority for disaster response should be:
a. Backup media
b. Paper records
c. Personnel safety
d. Remote access

Definition

Term
Which of the following would NOT be on a list of parties to notify in the event of a disaster-related emergency:
a. Civil authorities
b. Utilities
c. Shareholders
d. Customers

Definition

Term
Why is disaster recovery-related training a vital component in a DRP project?
a. The plan will be able to be certified
b. Recovery is performed by outside organizations
c. The personnel who are most familiar with systems may be unavailable during a disaster
d. Personnel may be unfamiliar with recovery procedures

Definition
c. The personnel who are most familiar with systems may be unavailable during a disaster

Term
Public key cryptography is so-named because:
a. It is the world standard for HTTPS
b. It works on all popular computer operating systems
c. It uses an encryption key that can be released to the public
d. The encryption algorithms reside in the public domain

Definition
c. It uses an encryption key that can be released to the public

Term
A security manager is searching for an encryption algorithm to be used to encrypt data files containing sensitive information. Which of the following algorithms should NOT be considered:
a. FISH
b. Twofish
c. Blowfish
d. CAST

Definition

Term
A particular encryption algorithm transforms plaintext to ciphertext by XORing the plaintext with the encryption key. This is known as:
a. Electronic codebook
b. Cipher block chaining
c. Block cipher
d. Stream cipher

Definition

Term
Two parties that have never communicated before wish to send messages using symmetric encryption key cryptography. How should the parties begin?
a. The receiving party should send its public encryption key to the transmitting party
b. Each party should exchange public encryption keys
c. Each party should send the encryption key via the communications channel to the other party
d. One party should transmit the encryption key via an out of band communications channel to the other party

Definition
d. One party should transmit the encryption key via an out of band communications channel to the other party

Term
Two parties that have never communicated before wish to send messages using asymmetric key cryptography. How should the parties begin?
a. The receiving party should send its private encryption key to the transmitting party.
b. The transmitting party should send its private encryption key to the receiving party.
c. The receiving party should send its public encryption key to the transmitting party.
d. The transmitting party should send its public encryption key to the receiving party.

Definition
c. The receiving party should send its public encryption key to the transmitting party.

Term
Two parties, Party A and Party B, regularly exchange messages using public key cryptography. One party, Party A, believes that its private encryption key has been compromised. What action should Party B take?
a. Request a new public key from Party A
b. Request a new private key from Party A
c. Send a new public key to Party A
d. Send a new private key to Party A

Definition
a. Request a new public key from Party A

Term
The Advanced Encryption Standard is another name for which cipher:
a. Digital Encryption Algorithm (DEA)
b. 3DES
c. Rijndael
d. International Data Encryption Algorithm (IDEA)

Definition

Term
The Data Encryption Standard:
a. Is used by Secure Sockets Layer (SSL) encryption
b. Has been replaced by the International Data Encryption Algorithm (IDEA)
c. Uses a 64-bit encryption key
d. Uses a 56-bit encryption key

Definition
d. Uses a 56-bit encryption key

Term
Two parties are exchanging messages using public key cryptography. Which of the following statements describes the proper procedure for transmitting an encrypted message?
a. The sender encrypts the message using the recipient’s public key, and the recipient decrypts the message using the recipient’s private key
b. The sender encrypts the message using the sender’s public key, and the recipient decrypts the message using the recipient’s public key
c. The sender encrypts the message using the sender’s private key, and the recipient decrypts the message using the recipient’s private key
d. The sender encrypts the message using the sender’s public key, and the recipient decrypts the message using the sender’s public key

Definition
a. The sender encrypts the message using the recipient’s public key, and the recipient decrypts the message using the recipient’s private key

Term
The purpose of digitally signing a message is to ensure:
a. Integrity of the sender
b. Confidentiality of the message
c. Authenticity of the sender
d. Confidentiality of the sender

Definition
c. Authenticity of the sender

Term
The purpose of digitally signing a message is to ensure:
a. Integrity of the message
b. Confidentiality of the message
c. Integrity of the sender
d. Confidentiality of the sender

Definition
a. Integrity of the message

Term
The purpose of the Diffie-Hellman key exchange protocol is:
a. To decrypt a symmetric encryption key
b. To encrypt a symmetric encryption key
c. To permit two parties who have never communicated to establish public encryption keys
d. To permit two parties who have never communicated to establish a secret encryption key

Definition
d. To permit two parties who have never communicated to establish a secret encryption key

Term
An attacker is attempting to learn the encryption key that is used to protect messages being sent between two parties. The attacker is able to create his own messages, get them encrypted by one of the parties, and can then examine the ciphertext for his message. This type of attack is known as:
a. Ciphertext only attack
b. Chosen ciphertext attack
c. Chosen plaintext attack
d. Man in the middle attack

Definition
c. Chosen plaintext attack

Term
Which is the best approach for two parties who wish to establish a means for confirming the confidentiality and integrity of messages that they exchange:
a. Digital signatures
b. Encryption and digital signatures
c. Key exchange
d. Encryption

Definition
b. Encryption and digital signatures