Question 1
Jesse is looking at the /etc/passwd file on a system configured to use shadowed passwords. What should she expect to see in the password field of this file?
Answers
- A. Plaintext passwords
- B. Encrypted passwords
- C. Hashed passwords
- D. x
Question 2
SYN floods rely on implementations of what protocol to cause denial of service conditions?
Answers
- A. IGMP
- B. UDP
- C. TCP
- D. ICMP
Question 3
What principle states that an individual should make every effort to complete his or her responsibilities in an accurate and timely manner?
Answers
- A. Least privilege
- B. Separation of duties
- C. Due care
- D. Due diligence
Question 4
Cable modems, ISDN, and DSL are all examples of what type of technology?
Answers
- A. Baseband
- B. Broadband
- C. Digital
- D. Broadcast
Question 5
What penetration testing technique can best help assess training and awareness issues?
Question 6
Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many disks may fail without the loss of data?
Question 7
Data is sent as bits at what layer of the OSI model?
Answers
- A. Transport
- B. Network
- C. Data Link
- D. Physical
Question 8
Bert is considering the use of an infrastructure as a service cloud computing partner to provide virtual servers. Which one of the following would be a vendor responsibility in this scenario?
Answers
- A. Maintaining the hypervisor
- B. Managing operating system security settings
- C. Maintaining the host firewall
- D. Configuring server access control
Question 9
When Ben records data and then replays it against his test website to verify how it performs based on a real production workload, what type of performance monitoring is he undertaking?
Answers
- A. Passive
- B. Proactive
- C. Reactive
- D. Replay
Question 10
What technology ensures that an operating system allocates separate memory spaces used by each application on a system?
Answers
- A. Abstraction
- B. Layering
- C. Data hiding
- D. Process isolation
Question 11
Alan is considering the use of new identification cards in his organization that will be used for physical access control. He comes across a sample card and is unsure of the technology. He breaks it open and sees the following internal construction. What type of card is this?
Answers
- A. Smart card
- B. Proximity card
- C. Magnetic stripe
- D. Phase-two card
Question 12
Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose?
Question 13
Which one of the following is not a principle of the Agile approach to software development?
Answers
- A. The best architecture, requirements, and designs emerge from self-organizing teams.
- B. Deliver working software infrequently, with an emphasis on creating accurate code over longer timelines.
- C. Welcome changing requirements, even late in the development process.
- D. Simplicity is essential.
Question 14
During a security audit, Susan discovers that the organization is using hand geometry scanners as the access control mechanism for their secure data center. What recommendation should Susan make about the use of hand geometry scanners?
Answers
- A. They have a high FRR and should be replaced.
- B. A second factor should be added because they are not a good way to reliably distinguish individuals.
- C. The hand geometry scanners provide appropriate security for the data center and should be considered for other high-security areas.
- D. They may create accessibility concerns, and an alternate biometric system should be considered.
Question 15
Colleen is conducting a business impact assessment for her organization. What metric provides important information about the amount of time that the organization may be without a service before causing irreparable harm?
Answers
- A. MTD
- B. ALE
- C. RPO
- D. RTO
Question 16
An attack that changes a symlink on a Linux system between the time that an account’s rights to the file are verified and the file is accessed is an example of what type of attack?
Answers
- A. Unlinking
- B. Tick/tock
- C. setuid
- D. TOCTOU
Question 17
An authentication factor that is “something you have,” and that typically includes a microprocessor and one or more certificates, is what type of authenticator?
Question 18
What term best describes an attack that relies on stolen or falsified authentication credentials to bypass an authentication mechanism?
Answers
- A. Spoofing
- B. Replay
- C. Masquerading
- D. Modification
Question 19
Lisa wants to integrate with a cloud identity provider that uses OAuth 2.0, and she wants to select an appropriate authentication framework. Which of the following best suits her needs?
Answers
- A. OpenID Connect
- B. SAML
- C. RADIUS
- D. Kerberos
Question 20
Owen recently designed a security access control structure that prevents a single user from simultaneously holding the role required to create a new vendor and the role required to issue a check. What principle is Owen enforcing?
Answers
- A. Two-person control
- B. Least privilege
- C. Separation of duties
- D. Job rotation
Question 21
Denise is preparing for a trial relating to a contract dispute between her company and a software vendor. The vendor is claiming that Denise made a verbal agreement that amended their written contract. What rule of evidence should Denise raise in her defense?
Question 22
While Lauren is monitoring traffic on two ends of a network connection, she sees traffic that is inbound to a public IP address show up inside the production network bound for an internal host that uses an RFC 1918 reserved address. What technology should she expect is in use at the network border?
Answers
- A. NAT
- B. VLANs
- C. S/NAT
- D. BGP
Question 23
Which of the following statements about SSAE-18 is not true?
Answers
- A. It mandates a specific control set.
- B. It is an attestation standard.
- C. It is used for external audits.
- D. It uses a framework, including SOC 1, SOC 2, and SOC 3 reports.
Question 24
What does a constrained user interface do?
Answers
- A. It prevents unauthorized users from logging in.
- B. It limits the data visible in an interface based on the content.
- C. It limits the access a user is provided based on what activity they are performing.
- D. It limits what users can do or see based on privileges.
Question 25
Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it should take to restore a particular IT service after an outage. What variable is Greg calculating?
Answers
- A. MTD
- B. RTO
- C. RPO
- D. SLA
Question 26
What business process typically requires sign-off from a manager before modifications are made to a system?
Answers
- A. SDN
- B. Release management
- C. Change management
- D. Versioning
Question 27
What type of fire extinguisher is useful against liquid-based fires?
Answers
- A. Class A
- B. Class B
- C. Class C
- D. Class D
Question 28
The company Chris works for has notifications posted at each door reminding employees to be careful to not allow people to enter when they do. Which type of controls best describes this?
Answers
- A. Detective
- B. Physical
- C. Preventive
- D. Directive
Question 29
Which one of the following principles is not included in the seven EU-U.S. Privacy Shield provisions?
Answers
- A. Access
- B. Security
- C. Recourse
- D. Nonrepudiation
Question 30
What group is eligible to receive safe harbor protection under the terms of the Digital Millennium Copyright Act (DMCA)?
Question 31
Alex is the system owner for the HR system at a major university. According to NIST SP 800-18, what action should he take when a significant change occurs in the system?
Answers
- A. He should develop a data confidentiality plan.
- B. He should update the system security plan.
- C. He should classify the data the system contains.
- D. He should select custodians to handle day-to-day operational tasks.
Question 32
Alex has been with the university he works at for over 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications. Using the provisioning diagram shown here, answer the following questions.
If Alex hires a new employee and the employee’s account is provisioned after HR manually inputs information into the provisioning system based on data Alex provides via a series of forms, what type of provisioning has occurred?
Answers
- A. Discretionary account provisioning
- B. Workflow-based account provisioning
- C. Automated account provisioning
- D. Self-service account provisioning
Question 33
Alex has been with the university he works at for over 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications. Using the provisioning diagram shown here, answer the following questions.
Alex has access to B, C, and D. What concern should he raise to the university’s identity management team?
Answers
- A. The provisioning process did not give him the rights he needs.
- B. He has excessive privileges.
- C. Privilege creep may be taking place.
- D. Logging is not properly enabled.
Question 34
Alex has been with the university he works at for over 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications. Using the provisioning diagram shown here, answer the following questions.
When Alex changes roles, what should occur?
Answers
- A. He should be de-provisioned and a new account should be created.
- B. He should have his new rights added to his existing account.
- C. He should be provisioned for only the rights that match his role.
- D. He should have his rights set to match those of the person he is replacing.
Question 35
Robert is reviewing a system that has been assigned the EAL2 evaluation assurance level under the Common Criteria. What is the highest level of assurance that he may have about the system?
Answers
- A. It has been functionally tested.
- B. It has been structurally tested.
- C. It has been formally verified, designed, and tested.
- D. It has been semiformally designed and tested.
Question 36
Adam is processing an access request for an end user. What two items should he verify before granting the access?
Answers
- A. Separation and need to know
- B. Clearance and endorsement
- C. Clearance and need to know
- D. Second factor and clearance
Question 37
During what phase of the electronic discovery reference model does an organization ensure that potentially discoverable information is protected against alteration or deletion?
Answers
- A. Identification
- B. Preservation
- C. Collection
- D. Processing
Question 38
Nessus, OpenVAS, and SAINT are all examples of what type of tool?
Question 39
Harry would like to access a document owned by Sally stored on a file server. Applying the subject/object model to this scenario, who or what is the object of the resource request?
Answers
- A. Harry
- B. Sally
- C. File server
- D. Document
Question 40
What is the process that occurs when the Session layer removes the header from data sent by the Transport layer?
Answers
- A. Encapsulation
- B. Packet unwrapping
- C. De-encapsulation
- D. Payloading
Question 41
Which of the following tools is best suited to testing known exploits against a system?
Answers
- A. Nikto
- B. Ettercap
- C. Metasploit
- D. THC Hydra
Question 42
What markup language uses the concepts of a Requesting Authority, a Provisioning Service Point, and a Provisioning Service Target to handle its core functionality?
Answers
- A. SAML
- B. SAMPL
- C. SPML
- D. XACML
Question 43
What type of risk assessment uses tools such as the one shown here?
Answers
- A. Quantitative
- B. Loss expectancy
- C. Financial
- D. Qualitative
Question 44
MAC models use three types of environments. Which of the following is not a mandatory access control design?
Answers
- A. Hierarchical
- B. Bracketed
- C. Compartmentalized
- D. Hybrid
Question 45
What level of RAID is also called disk striping with parity?
Answers
- A. RAID 0
- B. RAID 1
- C. RAID 5
- D. RAID 10
Question 46
Sally is wiring a gigabit Ethernet network. What cabling choices should she make to ensure she can use her network at the full 1000 Mbps she wants to provide to her users?
Answers
- A. Cat 5 and Cat 6
- B. Cat 5e and Cat 6
- C. Cat 4e and Cat 5e
- D. Cat 6 and Cat 7
Question 47
Which one of the following is typically considered a business continuity task?
Answers
- A. Business impact assessment
- B. Alternate facility selection
- C. Activation of cold sites
- D. Restoration of data from backup
Question 48
Robert is the network administrator for a small business and recently installed a new firewall. After seeing signs of unusually heavy network traffic, he checked his intrusion detection system, which reported that a smurf attack was under way. What firewall configuration change can Robert make to most effectively prevent this attack?
Answers
- A. Block the source IP address of the attack.
- B. Block inbound UDP traffic.
- C. Block the destination IP address of the attack.
- D. Block inbound ICMP traffic.
Question 49
Which one of the following types of firewalls does not have the ability to track connection status between different packets?
Answers
- A. Stateful inspection
- B. Application proxy
- C. Packet filter
- D. Next generation
Question 50
Which of the following is used only to encrypt data in transit over a network and cannot be used to encrypt data at rest?
Answers
- A. TKIP
- B. AES
- C. 3DES
- D. RSA
Question 51
What type of fuzzing is known as intelligent fuzzing?
Answers
- A. Zzuf
- B. Mutation
- C. Generational
- D. Code based
Question 52
Matthew is experiencing issues with the quality of network service on his organization’s network. The primary symptom is that packets are occasionally taking too long to travel from their source to their destination. The length of this delay changes for individual packets. What term describes the issue Matthew is facing?
Answers
- A. Latency
- B. Jitter
- C. Packet loss
- D. Interference
Question 53
Which of the following multifactor authentication technologies provides both low management overhead and flexibility?
Question 54
What type of testing would validate support for all the web browsers that are supported by a web application?
Answers
- A. Regression testing
- B. Interface testing
- C. Fuzzing
- D. White box testing
Question 55
Kathleen is implementing an access control system for her organization and builds the following array:
Reviewers: update files, delete files
Submitters: upload files
Editors: upload files, update files
Archivists: delete files
What type of access control system has Kathleen implemented?
Answers
- A. Role-based access control
- B. Task-based access control
- C. Rule-based access control
- D. Discretionary access control
Question 56
Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower?
Answers
- A. Likelihood
- B. RTO
- C. RPO
- D. Impact
Question 57
Alan’s Wrenches recently developed a new manufacturing process for its product. They plan to use this technology internally and not share it with others. They would like it to remain protected for as long as possible. What type of intellectual property protection is best suited for this situation?
Answers
- A. Patent
- B. Copyright
- C. Trademark
- D. Trade secret
Question 58
Ben wants to interface with the National Vulnerability Database using a standardized protocol. What option should he use to ensure that the tools he builds work with the data contained in the NVD?
Answers
- A. XACML
- B. SCML
- C. VSML
- D. SCAP
Question 59
Which of the following is not one of the three components of the DevOps model?
Answers
- A. Software development
- B. Change management
- C. Quality assurance
- D. Operations
Question 60
In the figure shown here, Harry’s request to read the data file is blocked. Harry has a Secret security clearance, and the data file has a Top Secret classification. What principle of the Bell-LaPadula model blocked this request?
Answers
- A. Simple Security Property
- B. Simple Integrity Property
- C. *-Security Property
- D. Discretionary Security Property
Question 61
Norm is starting a new software project with a vendor that uses an SDLC approach to development. When he arrives on the job, he receives a document that has the sections shown here. What type of planning document is this?
Question 62
Kolin is searching for a network security solution that will allow him to help reduce zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement?
Question 63
Gwen comes across an application that is running under a service account on a web server. The service account has full administrative rights to the server. What principle of information security does this violate?
Answers
- A. Need to know
- B. Separation of duties
- C. Least privilege
- D. Job rotation
Question 64
Which of the following is not a type of structural coverage in a code review process?
Answers
- A. Statement
- B. Trace
- C. Loop
- D. Data flow
Question 65
Which of the following tools is best suited to the information gathering phase of a penetration test?
Answers
- A. Whois
- B. zzuf
- C. Nessus
- D. Metasploit
Question 66
During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions.
Why does Nikto flag the /test directory?
Answers
- A. The /test directory allows administrative access to PHP.
- B. It is used to store sensitive data.
- C. Test directories often contain scripts that can be misused.
- D. It indicates a potential compromise.
Question 67
During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions.
Why does Nikto identify directory indexing as an issue?
Answers
- A. It lists files in a directory.
- B. It may allow for XDRF.
- C. Directory indexing can result in a denial of service attack.
- D. Directory indexing is off by default, potentially indicating compromise.
Question 68
During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions.
Nikto lists OSVDB-877, noting that the system may be vulnerable to XST. What would this type of attack allow an attacker to do?
Answers
- A. Use cross-site targeting.
- B. Steal a user’s cookies.
- C. Counter SQL tracing.
- D. Modify a user’s TRACE information.
Question 69
Which one of the following memory types is considered volatile memory?
Answers
- A. Flash
- B. EEPROM
- C. EPROM
- D. RAM
Question 70
Ursula believes that many individuals in her organization are storing sensitive information on their laptops in a manner that is unsafe and potentially violates the organization’s security policy. What control can she use to identify the presence of these files?
Answers
- A. Network DLP
- B. Network IPS
- C. Endpoint DLP
- D. Endpoint IPS
Question 71
In what cloud computing model does the customer build a cloud computing environment in his or her own data center or build an environment in another data center that is for the customer’s exclusive use?
Answers
- A. Public cloud
- B. Private cloud
- C. Hybrid cloud
- D. Shared cloud
Question 72
Which one of the following technologies is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture?
Answers
- A. Load balancing
- B. Dual-power supplies
- C. IPS
- D. RAID
Question 73
Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve?
Answers
- A. Confidentiality
- B. Nonrepudiation
- C. Authentication
- D. Integrity
Question 74
What network topology is shown here?
Answers
- A. A ring
- B. A bus
- C. A star
- D. A mesh
Question 75
Monica is developing a software application that calculates an individual’s body mass index for use in medical planning. She would like to include a control on the field where the physician enters an individual’s weight to ensure that the weight falls within an expected range. What type of control should Monica use?
Answers
- A. Fail open
- B. Fail secure
- C. Limit check
- D. Buffer bounds
Question 76
Your lab manager is preparing to buy all the equipment that has been budgeted for next year. While reviewing the specifications for several pieces of equipment, he notices that each device has a Mean Time To Repair (MTTR) rating. He asks you what this means. Which of the following is the best response?
Answers
- A. The MTTR is used to determine the expected time before the repair can be completed. Higher numbers are better.
- B. The MTTR is used to determine the expected time before the repair can be completed. Lower numbers are better.
- C. The MTTR is used to determine the expected time between failures. Higher numbers are better.
- D. The MTTR is used to determine the expected time between failures. Lower numbers are better.
Question 77
Which of the following would you be least likely to find in a data center?
Question 78
You are asked to serve as a consultant on the design of a new facility. Which of the following is the best location for the server room?
Answers
- A. Near the outside of the building
- B. Near the center of the building
- C. In an area that has plenty of traffic so that equipment can be observed by other employees and guests
- D. In an area that offers easy access
Question 79
Which of the following is not one of the three types of access controls?
Answers
- A. Administrative
- B. Personnel
- C. Technical
- D. Physical
Question 80
Your company has just opened a call center in India to handle nighttime operations, and you are asked to review the site’s security controls. Specifically, you are asked which of the following is the strongest form of authentication. What will your answer be?
Answers
- A. Something you know
- B. Something you are
- C. Passwords
- D. Tokens
Question 81
Your organization has become worried about recent attempts to gain unauthorized access to the R&D facility. Therefore, you are asked to implement a system that will require individuals to present a password and enter a PIN at the security gate before gaining access. What is this type of system called?
Question 82
Which of the following ciphers is/are symmetric?
Answers
- A. DES
- B. DES and Skytale
- C. DES, Skytale, and Caesar’s cipher
- D. DES, Skytale, Caesar’s cipher, and RSA
Question 83
An employee is leaving your company. You debrief the individual and escort him to the door. After reviewing the materials in his office, you realize he left with the VPN router that had been configured for him to use when he worked from home. This router had a certificate issued to that employee, and it is not deemed worth the effort to retrieve it. What action should be taken in regards to the certificate?
Answers
- A. Suspend it.
- B. Destroy it.
- C. Revoke it.
- D. Transfer it.
Question 84
Which algorithm provides for key distribution but does not provide encryption or nonrepudiation?
Question 85
TCSEC provides levels of security that are classified in a hierarchical manner. Each level has a corresponding set of security requirements that must be met. Which of the following does Level A correspond to?
Question 86
TCSEC offers numbered divisions of security that can occur in each category. With this in mind, which of the following represents the highest level of security?
Answers
- A. B2
- B. D2
- C. B1
- D. D1
Question 87
Jim has been asked to assist with a security evaluation. He has heard other members of the teams speak of TCB. What does TCB stand for?
Answers
- A. Taking care of business
- B. Total computer base
- C. Trusted computer base
- D. Total communication bandwidth
Question 88
Which of the following is considered a connection-oriented protocol?
Answers
- A. UDP
- B. TCP
- C. ICMP
- D. ARP
Question 89
Which connectionless protocol is used for its low overhead and speed?
Answers
- A. UDP
- B. TCP
- C. ICMP
- D. ARP
Question 90
Information security is not built on which of the following?
Answers
- A. Confidentiality
- B. Availability
- C. Accessibility
- D. Integrity
Question 91
Place the following four elements of the Business Continuity Plan in the proper order.
Answers
- A. Scope and plan initiation, plan approval and implementation, business impact assessment, business continuity plan development
- B. Scope and plan initiation, business impact assessment, business continuity plan development, plan approval and implementation
- C. Business impact assessment, scope and plan initiation, business continuity plan development, plan approval and implementation
- D. Plan approval and implementation, business impact assessment, scope and plan initiation, business continuity plan development
Question 92
Risk assessment is a critical component of the BCP process. As such, which risk-assessment method is scenario-driven and does not assign numeric values to specific assets?
Answers
- A. Qualitative Risk Assessment
- B. Statistical Weighted Risk Assessment
- C. Quantitative Risk Assessment
- D. Asset-Based Risk Assessment
Question 93
Which of the following best describes the concept and purpose of BCP?
Answers
- A. BCPs are used to reduce outage times.
- B. BCPs and procedures are put in place for the response to an emergency.
- C. BCPs guarantee the reliability of standby systems.
- D. BCPs are created to prevent interruptions to normal business activity.
Question 94
What is not one of the three things that are needed to commit a computer crime?
Answers
- A. Means
- B. Skill
- C. Motive
- D. Opportunity
Question 95
The IAB (Internet Architecture Board) considers which of the following acts unethical?
Answers
- A. Disrupting the intended use of the Internet
- B. Rerouting Internet traffic
- C. Writing articles about security exploits
- D. Developing security patches
Question 96
What category of attack is characterized by the removal of small amounts of money over long periods of time?
Answers
- A. Slicing attack
- B. Skimming attack
- C. Bologna attack
- D. Salami attack
Question 97
Which of the following is not a valid database management system model?
Answers
- A. The hierarchical database management system
- B. The structured database management system
- C. The network database management system
- D. The relational database management system
Question 98
During which stage of the software development life cycle should security be implemented?
Answers
- A. Development
- B. Project initiation
- C. Deployment
- D. Installation
Question 99
In which software development life cycle phase do the programmers and developers become deeply involved and do the majority of the work?
Answers
- A. System Design Specifications
- B. Software Development
- C. Operation and Maintenance
- D. Functional Design Analysis and Planning
Question 100
You have just won a contract for a small software development firm, which has asked you to perform a risk analysis. The firm provided you information on previous incidents and has a list of the known environmental threats of the geographic area. The firm’s president believes that risk is something that can be eliminated. As a CISSP, how should you respond to this statement?
Answers
- A. Although it can be prohibitively expensive, risk can be eliminated.
- B. Risk can be reduced but cannot be eliminated.
- C. A qualitative risk analysis can eliminate risk.
- D. A quantitative risk assessment can eliminate risk.
Question 101
Which term describes the method of identifying vulnerabilities and threats and assessing the possible damage to determine where to implement security safeguards?
Answers
- A. Information management
- B. Risk analysis
- C. Countermeasure selection
- D. Classification controls
Question 102
Proper security management dictates separation of duties for all the following reasons except which one?
Answers
- A. It reduces the possibility of fraud.
- B. It reduces dependency on individual workers.
- C. It reduces the need for personnel.
- D. It provides integrity.
Question 103
Attackers are always looking for ways to identify systems. One such method is to send a TCP SYN to a targeted port. What would an attacker expect to receive in response to indicate an open port?
Answers
- A. SYN
- B. SYN ACK
- C. ACK
- D. ACK FIN
Question 104
Which of the following is an example of a directive control?
Question 105
Brad uses Telnet to connect to several open ports on a victim computer and capture the banner information. What is the purpose of his activity?
Question 106
A closed-circuit TV (CCTV) system has been installed to monitor a bank’s ATM. The lighting has been adjusted to prevent dark areas, and the depth of field and degree of focus are appropriate for proper monitoring. However, the guard has asked if it would be possible to provide greater width to the area being monitored to permit a subject to be captured for a longer stretch of time. Which adjustment is needed?
Question 107
When you’re choosing the physical location for a new facility, which of the following should you not avoid?
Question 108
Which of the following is not one of the three primary types of authentication?
Question 109
While working as a contractor for Widget, Inc., you are asked what the weakest form of authentication is. What will you say?
Answers
- A. Passwords
- B. Retina scans
- C. Facial recognition
- D. Tokens
Question 110
A coworker reports that she has lost her public key ring. What does this mean?
Answers
- A. This is a security violation. You need to revoke her digital certificate.
- B. She can regenerate it.
- C. She will be unable to decrypt her stored files.
- D. The PKI is gone.
Question 111
What is the risk to an organization when a cryptosystem fails to use the full keyspace available?
Question 112
Which of the following is not one of the valid states in which a CPU can operate?
Answers
- A. Processor
- B. Supervisor
- C. Problem
- D. Wait
Question 113
Which organization began developing the Common Criteria standard in 1990?
Answers
- A. IEEE
- B. ISC2
- C. ISO
- D. NIST
Question 114
Which data communications solution transmits timing information to the receiver by using a “preamble” of alternating 1s and 0s?
Question 115
LAN data transmissions can take on several different forms. Which of the following can be both a source and a destination address?
Answers
- A. Unicast
- B. Multicast
- C. Broadcast
- D. Anycast
Question 116
What are the three goals of a business impact analysis?
Answers
- A. Downtime estimation, resource requirements, defining the continuity strategy
- B. Defining the continuity strategy, criticality prioritization, resource requirements
- C. Criticality prioritization, downtime estimation, documenting the continuity strategy
- D. Criticality prioritization, downtime estimation, resource requirements
Question 117
Which of the following is the number-one priority for all Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs)?
Answers
- A. The reduction of potential critical outages
- B. The minimization of potential outages
- C. The elimination of potential outages
- D. The protection and welfare of employees
Question 118
You are assigned to a team that is investigating a computer crime. You are asked to make sure that the original data remains unchanged. Which of the following programs can be used to create a cryptographic checksum to verify the data’s integrity?
Answers
- A. PKZip
- B. MD5sum
- C. DES
- D. PGP
Question 119
Paul is concerned about the proper disposal of old hard drives that contain proprietary information. Which of the following techniques ensures that the data cannot be recovered?
Answers
- A. Formatting
- B. FDISK
- C. Drive wiping
- D. Data parsing
Question 120
In the software development life cycle, what is used to maintain changes to development or production?
Question 121
What is the most-used type of database management system?
Answers
- A. The hierarchical database management system
- B. The structured database management system
- C. The network database management system
- D. The relational database management system
Question 122
As a potential CISSP, you need to know common RFCs and NIST standards. One such RFC is 2196. This IETF document provides basic guidance on security in a networked environment. What is the title of this document?
Answers
- A. “Ethics and the Internet”
- B. “Site Security Handbook”
- C. “Cracking and Hacking TCP/IP”
- D. “Security Policies and Procedures”
Question 123
Mr. Hunting, your former college math teacher, hears that you are studying for your CISSP exam and asks if you know the formula for total risk. What is the correct response?
Answers
- A. Annual Loss Expectancy * Vulnerability = Total Risk
- B. Threat * Vulnerability * Asset Value = Total Risk
- C. Residual Risk / Asset Value * Vulnerability = Total Risk
- D. Asset Value / Residual Risk = Total Risk
Question 124
An access-control matrix can be used to associate permissions of a subject to an object. Permissions can be tied to a lattice of control. If the lattice of control for Cindy and Bob is read and read/write, which of the following is true?
Answers
- A. Bob will be able to read File X.
- B. Bob has full control of File X.
- C. Bob cannot access File X.
- D. Alice has full access on File Y.
Question 125
The attacker waits until his victim establishes a connection to the organization’s FTP server. Then, he executes a program that allows him to take over the established session. What type of attack has taken place?
Answers
- A. Password attack
- B. Spoofing
- C. Session hijack
- D. ARP redirection